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Users  Seek  Answers 
From  New  HP  CEO 


Former  NCR  exec  Hurd  says  he  will  emphasize 
user  needs  and  financials  but  offers  few  details 


BY  PATRICK  THIBODEAU 
AND  LUCAS  MEARIAN 

Mark  Hurd,  who  took  over  as 
Hewlett-Packard  Co.’s  CEO 
last  week,  said  one  of  his  first 
priorities  will  be  meeting  with 
HP’s  employees,  customers 
and  partners  over  the  coming 
weeks  and  months. 

“Don’t  expect  to  see  a 
lot  of  me  right  now,” 
he  bluntly  told  re¬ 
porters  before  ending 
a  press  conference. 

HP  users  said  they 
will  be  ready  for  Hurd, 
who  until  last  Tuesday 
was  president  and 
CEO  of  NCR  Corp. 


Ten  customers  interviewed  af¬ 
ter  HP  announced  his  hiring 
said  they  want  answers  to 
questions  about  the  company’s 
overall  direction  and  its  plans 
for  specific  product  lines. 

They  also  offered  plenty  of 
advice  for  Hurd,  including  sug¬ 
gestions  that  he  get 
HP  out  of  the  PC  busi¬ 
ness  and  make  it  more 
customer-oriented 
than  it  was  under 
former  CEO  Carly 
Fiorina. 

The  clock  is  ticking 
for  HP,  said  Gary  Pila- 
fas,  a  senior  storage 
and  systems  architect 


at  UAL  Loyalty  Services  Inc., 
a  unit  of  United  Air  Lines  Inc. 
Hurd  “needs  to  define  their 
future  and  get  the  word  out 
quickly,”  Pilafas  said,  adding 
that  he  thinks 
HP  should  spin 
off  its  PC  oper¬ 
ations  in  order 
to  “focus  on  the 
profitable  units.” 
HP  CEO,  page  16 


Comdex ’05 
Cancellation 
Draws  Yawns 

Users  say  they  don’t 
miss  once-vital  show 


jfr 


HURD  vowed  a 
“relentless  fo¬ 
cus”  on  users. 


IB9 

A  book  by  Mark 
Hurd  provides 
some  insights 
into  his  methods. 


Microsoft  Rlls 
Security  Gaps 
In  OS  Update 

BY  CAROL  SLIWA 

IT  managers  will  find  several 
tools  designed  to  help  them 
protect  systems  from  security 
threats  in  the  first  service 


pack  update  for  Windows 
Server  2003,  which  Microsoft 
Corp.  released  last  week  — 
nearly  two  years  after  the 
operating  system’s  debut. 

Some  users  said  Service 
Pack  1  could  reduce  the  need 
to  augment  Windows  Server 
2003  with  third-party  security 
software.  New  features  in  SP1 
OS  Update,  page  49 


BY  TODD  R.  WEISS 

No  Comdex  this  November? 
No  problem,  IT  managers  said 
last  week  after  the  Las  Vegas 
trade  show  was  canceled  for 
the  second  straight  year. 

They  added  that  the  one¬ 
time  main  event  in  the  com¬ 
puter  industry  had  lost  its  fo¬ 
cus  in  recent  years,  becoming 
a  showcase  for  products  and 
technology  that  were  of  little 
interest  to  corporate  IT. 

Bob  Schwartz,  CIO  at  Pana¬ 
sonic  Corporation  of  North 

Comdex,  page  49 


Read  full  coverage  of  Comdex’s  travails 


in  recent  years  on  our  Web  site: 

QuickLink  a1260 
www.computerworld.com 
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Early  adopters  say 
iSCSI  has  become  a  strong 
rival  to  Fibre  Channel  for 
low-end,  midrange  and 
departmental  storage. 
By  Robert  L.  Mitchell 
Page  21 
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The  world’s  most-deployed  server  platform  now  supports 
64-bit  applications.  The  Intel®  Xeon M  processor  now 
works  harder  for  your  business  than  ever.  With  innovative 
platform  features  that  enable  power-saving 
options,  flexible  memory,  I/O  and  storage  configurations. 
And,  of  course,  continued  support 
for  all  your  existing  32-bit  applications. 

How  can  Intel  Xeon  processor-based  servers  serve  you? 

intel.com/go/xeon 
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SAS  software  delivers  one  powerful  business  intelligence  and  analytics  platform  for  gaming  greater 
return  on  intelligence  —  in  less  time.  For  nearly  30  years,  SAS  has  been  helping  companies  gain  answers 
to  their  most  pressing  business  questions  and  address  their  most  challenging  issues. ..taking  them 


'  on  SAS  to  increase  profits,  reduce  costs, 


v,  www.sas.com/value 
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Open  Ticket  for  Continental 

In  the  Technology  section:  Continental  Airlines  found  out  it  was 
pushing  the  envelope  when  it  decided  to  move  its  automated 
ticket-reissue  application  to  an  open-source  software  stack 
that  included  a  64-bit  MySQL  database  server,  says  Michael 
McDonald,  the  company’s  director  of  technology.  Page  24 
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6  Oracle  is  the  latest  large 
vendor  to  snatch  up  identity 
management  tools,  with  its 
purchase  of  Oblix. 

6  Kmart  CIO  Karen  Austin  gets 
the  nod  to  lead  IT  operations 
at  the  newly  formed  Sears 
Holdings. 

7  Electricity  provider  Bonne¬ 
ville  Power  Administration 
abandons  much  of  a  $25  mil¬ 
lion  software  system. 

7  Companies  are  slowly  start¬ 
ing  to  talk  about  replacing 
core  applications  with  newer 
systems,  signaling  a  thaw  in 
the  IT  spending  freeze. 

8  Hitachi  Data  adds  network- 
attached  storage  to  its  high- 
end  virtualization  platform. 

8  Bridgestone  Europe  enlists 
an  offshore  firm  in  India  for 
SAP  support. 

12  New  tools  bridge  the  gap  be¬ 
tween  application  developers 
and  IT  operations  staffers. 

12  Alcatel’s  OmniSwitch  6800L 

offers  a  software  key  for  later 
upgrades  to  Gigabit  Ethernet, 

14  Global  Dispatches:  Japan  bears 
down  on  privacy  with  a  tough 
new  law;  FedEx  Asia  Pacific’s 
CIO  says  RFID  scanning 
needs  to  be  more  accurate. 

14  The  U.K.  withholds  $25  mil¬ 
lion  owed  to  Electronic  Data 
Systems  because  of  problems 
with  the  implementation  of  a 
welfare  case  management  and 
telephony  system. 


21  Invasion  of  the  iSCSI  SANs. 

Buoyed  by  the  success  of  early 
trials,  storage  administrators 
say  they  are  ready  to  deploy 
IP  SANs  to  consolidate  de¬ 
partmental  storage. 

26  QuickStudy:  Biometric  Au¬ 
thentication.  An  introduction 
to  the  technologies  that  can 
verify  a  user’s  identity  through 
a  behavioral  characteristic  or 
physical  trait  that  can’t  easily 
be  changed,  such  as  a  finger¬ 
print  or  the  pattern  of  an  iris. 

28  Security  Manager’s  Journal: 
Downtime  Becomes  Docu¬ 
mentation  Time.  Mathias 
Thurman  takes  advantage  of  a 
lull  in  the  usually  hectic  pace 
to  catch  up  on  some  impor¬ 
tant  documentation  of  things 
that  were  done  earlier. 
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36  Think  Tank.  A  computer 
forensics  expert  explains  the 
role  of  CIOs  in  handling  a 
data  scandal;  and  research 
suggests  that  older  workers 
have  no  problem  adapting  to 
new  IT  systems. 

38  Just  Say  No.  Sure,  IT  is  sup¬ 
posed  to  be  an  enabler,  but 
there  are  times  when  you 
have  to  refuse  ill-advised 
business  requests  and  hare¬ 
brained  projects.  Here’s  how 
to  do  it  and  keep  your  job. 

42  Career  Watch.  The  looming 
IT  succession  problem;  how 
management  kills  employees’ 
enthusiasm;  and  the  CIO  as 
change  agent. 


10  On  the  Mark:  Mark  Hall  re¬ 
ports  that  Microsoft’s  service 
and  support  group  is  willing 
to  give  companies  a  new  ver¬ 
sion  of  the  Netmon  tool  free 
of  charge,  for  a  little  some¬ 
thing  in  return. 

18  Don  Tennant  thinks  HP’s  new 
CEO,  Mark  Hurd,  needs  to 
build  a  software  future  and 
avoid  losing  another  acquisi¬ 
tion  opportunity  to  IBM. 

18  Bruce  A.  Stewart  demon¬ 
strates  just  how  much  change 
IT  could  see  in  a  very  short 
amount  of  time. 

19  Michael  H.  Hugos  says  imple¬ 
menting  a  new  system  is  a  lot 
like  building  a  house.  But  in 
both  cases,  the  architect 
doesn’t  always  have  control. 

30  Mark  Willoughby  argues  that 
although  federation  may  be  a 
trendy  lexicographic  reinven¬ 
tion,  its  ramifications  are  still 
important  to  IT. 

44  Paul  Glen  advises  against 
using  Machiavellian  fear 
tactics  to  manage  knowledge 
workers. 

50  Frankly  Speaking:  Frank 

Hayes  wants  HP’s  new  CEO 
to  listen  to  this  advice  above 
all  others:  Listen,  listen,  listen. 


DEPARTMENTS/RESOURCES 


At  Deadline  Briefs  . 6 

News  Briefs  . 10,12 

Letters . 19 

IT  Careers . 45 

Company  Index . 48 

How  to  Contact  CW . 48 

Shark  Tank  . 50 


Decide  to  Be  Decisive 

IT  MANAGEMENT:  Indecision  adds  costs  to 
projects  and  can  place  them  in  peril,  say 
Michael  Patterson  and  Patricia  Pruden. 

They  offer  advice  for  overcoming  it. 

O  QuickLink  53308 

Ten  Questions  About  Sarb-Ox 

STORAGE:  Can  you  or  your  CEO  answer 
these  questions  on  the  Sarbanes-Oxley  Act? 
Knowing  the  answers  could  keep  your  com¬ 
pany  on  solid  ground  and  your  CEO  on  the 
job.  O  QuickLink  53163 

Untangle  That  Spaghetti 

DATA  MANAGEMENT:  Data  hubs  can  help 
streamline  the  mess  of  point-to-point  links 
between  many  applications.  And  there  are 
finally  some  ready-made  products  to  help 
with  implementation,  says  columnist  Melissa 
A.  Cook.  ©  QuickLink  53504 


Standards  and  the  Grid 

HARDWARE:  Columnist  Ian  Foster  talks  with 
Internet  pioneer  Vinton  Cerf  about  the  role 
of  standards  in  promoting  Internet  adoption 
and  what  lessons  that  might  hold  for  grid 
computing.  ©  QuickLink  53400 


Webcast:  Storage  Case  Study 

STORAGE:  John  D.  Halamka,  CIO  at  Care- 
Group  Health  System  and  Harvard  Medical 
School,  oversees  infrastructure  for  3,000 
doctors  who  move  70TB  of  data  a  day.  He 
discusses  how  to  keep  users  happy  in  this 
webcast.  ©  QuickLink  k170Q 


What’s  a  QuickLink? 


O  Throughout  each  issue  of 
Computerworld,  you'll 
see  five-digit  QuickLink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  QuickLink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick¬ 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site. 
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Explorer,  Outlook 
Raws  Probed 


Microsoft  Corp.  is  investigating  a 
new  set  of  potentially  serious  se¬ 
curity  flaws  in  Internet  Explorer 
and  Outlcok  reported  by  security 
company  eEye  Digital  Security. 
The  flaws  in  the  browser  and 
e-mail  client  could  let  an  attacker 
take  control  of  a  system  with 
minimal  action  from  the  user, 
according  to  eEye.  The  flaws  are 
ranked  as  high  risk. 


Intel  to  Abide  by 
Japanese  Ruling 

Intel  Corp.’s  Japanese  subsidiary 
has  agreed  to  accept  recommen¬ 
dations  made  by  the  Japan  Fair 
Trade  Commission  as  part  of  an 
investigation  into  alleged  unfair 
business  practices  by  Intel.  The 
chip  maker  said  it  disagrees  with 
findings  that  it  restrained  compe¬ 
tition  in  the  Japanese  PC  chip 
market  but  intends  to  abide  by  the 
cease-and-desist  provisions  of  the 
recommendation. 


MCI  to  Consider 
Latest  Qwest  Bid 

MCI  Inc.  will  consider  a  new  bid 
from  Qwest  Communications  In¬ 
ternational  Inc.,  even  though  MCI 
has  twice  said  that  it  intends  to  be 
acquired  by  Verizon  Communica¬ 
tions  Inc.  Just  days  after  accept¬ 
ing  a  Verizon  bid  for  a  second 
time,  MCI  said  it  wili  “re-engage” 
in  merger  talks  with  Qwest.  Qwest 
on  Thursday  increased  its  bid  for 
MCI  to  $8.9  billion,  about  $1.3  bil¬ 
lion  more  than  Verizon’s  offer. 


Berkeley  Hit  With 
Student  Data  Theft 

Officials  at  the  University  of  Cali¬ 
fornia,  Berkeley,  are  notifying 
more  than  98, GOO  graduate  stu¬ 
dents  and  applicants  about  the 
theft  of  a  laptop  computer  con¬ 
taining  their  names,  Social  Secu¬ 
rity  numbers  and  other  informa¬ 
tion.  Officials  said  no  reports  have 
been  received  about  misuse  of 
the  data.  The  laptop  was  stolen 
March  11  from  a  restricted  area. 


Oracle  Joins  Rush  to 
Acquire  Identity  Tools 


Oblix  buy  furthers  consolidation  trend; 
vendor  gains  non-Oracle  ID  capabilities 


BY  JAIKUMAR  VIJAYAN 

Oracle  corp.’S  pur¬ 
chase  of  Oblix  Inc. 
for  an  undisclosed 
sum  last  week  is 
part  of  a  movement  among 
major  IT  vendors  to  address 
growing  user  demand  for 
identity  and  access  manage¬ 
ment  software,  analysts  said. 

The  acquisition  gives  Ora¬ 
cle  a  range  of  software  sup¬ 
porting  capabilities,  such  as 
single  sign-on  and  federated 
identity  management.  Cuper¬ 
tino,  Calif. -based  Oblix  has 
about  100  employees  and 
claims  to  have  more  than  150 
customers,  including  The  Boe¬ 
ing  Co.,  Burger  King  Corp.  and 
The  Coca-Cola  Co. 

The  Oblix  software  comple¬ 
ments  a  set  of  tools  that  Ora¬ 
cle  already  sells  and  will  allow 
it  to  offer  users  identity  man¬ 
agement  functionality  for  non- 
Oracle  applications,  middle¬ 
ware  and  databases,  said 
Thomas  Kurian,  a  senior  vice 
president  at  the  software  ven¬ 
dor.  That  includes  the  People- 
Soft  and  J.D.  Edwards  applica¬ 
tions  that  Oracle  acquired  ear¬ 
lier  this  year,  Kurian  said. 

Positive  Results  for  Users 

Purchases  of  so-called  bou¬ 
tique  vendors  such  as  Oblix  by 
larger,  more  well-established 
companies  usually  have  posi¬ 
tive  results  for  users,  said  an 
IT  manager  at  a  large  travel- 
industry  company  that  uses 
Oblix’s  technology. 

“The  tools  mature  techni¬ 
cally  and  functionally  due  to 
increased  funding,”  said  the  IT 
manager,  who  asked  not  to  be 
identified.  “And  it  allows  us  to 
better  leverage  the  relation¬ 
ships  already  established  with 
our  larger  long-term  vendors.” 

Oracle’s  acquisition  plays 
into  a  growing  corporate  in¬ 
terest  in  tools  that  combine 
access  control  for  Web  appli¬ 


cations  with  functions  for  ad¬ 
ministering  the  separate  iden¬ 
tity  credentials  associated 
with  legacy  applications  run¬ 
ning  on  mainframes  and  other 
systems,  said  Roberta  Witty, 
an  analyst  at  Gartner  Inc. 

“The  need  to  comply  with 
regulations  is  forcing  identity 
and  access  management  to  the 
forefront  at  every  organiza¬ 
tion,”  Witty  said,  referring  to 
the  mandates  of  laws  such  as 
the  Sarbanes-Oxley  Act. 

Oracle  is  the  latest  in  a  line 
of  large  vendors  that  have 
added  to  their  identity  man¬ 
agement  capabilities  through 
acquisitions. 

On  March  23,  BMC  Software 
Inc.  announced  that  it  had 


bought  OpenNetwork  Tech¬ 
nologies  Inc.,  a  Clearwater, 
Fla.-based  vendor  of  Web  ac¬ 
cess-control  and  single  sign-on 
tools,  for  an  undisclosed  price. 

That  followed  a  January  25 
deal  in  which  BMC  acquired 
Calendra,  a  Paris-based  devel¬ 
oper  of  federated  identity 
management  software,  for 
$33  million  in  cash. 

Computer  Associates  In¬ 
ternational  Inc.  purchased 
Waltham,  Mass.-based  identity 
management  vendor  Netegrity 
Inc.  for  $430  million  last  No¬ 
vember.  And  last  week,  CA 
said  it  had  bought  software  for 
identifying  and  deleting  obso¬ 
lete  or  rogue  user  IDs  on 
mainframes  from  InfoSec  Inc. 
in  North  Barrington,  Ill.  The 
two  companies  didn’t  divulge 
the  purchase  price. 

In  addition,  IBM,  Sim  Micro- 


ID  Check 

The  Oblix  deal  gives  Oracle 
the  following  technologies: 


ss  COREid  Offers  identity 
management  functions, 
including  Web-based  single 
sign-on,  user  self-registration 
and  user  provisioning. 

■  SHARE!  Supports  federat¬ 
ed  identity  management. 

■  C0REs\  Manages  access  to 
Web  services. 


systems  Inc.  and  Hewlett- 
Packard  Co.  have  all  made 
identity-related  purchases 
over  the  past  two  years. 

“Clearly,  ID  management  is 
becoming  a  big-company  mar¬ 
ket,”  said  Phil  Schacter,  an  an¬ 
alyst  at  Burton  Group  in  Mid¬ 
vale,  Utah.  He  added  that 
small  vendors  “have  difficulty 
growing  fast  and  investing  in 
the  marketing  infrastructure 
to  be  able  to  compete  with 
the  likes  of  CA  and  IBM.” 

©  53531 


Kmart  CIO  Gains  Top  IT 
Job  at  Sears  Holdings 


Austin  to  manage 
tech  operations; 
Kelly  exits  retailer 

BY  CAROL  SLIWA 

Karen  Austin,  who  had  been 
the  CIO  at  Kmart  Holding 
Corp.,  was  given  the  reins  of 
the  IT  department  at  the  new¬ 
ly  formed  Sears  Holdings 
Corp.  when  Kmart  completed 
its  merger  with  Sears,  Roe¬ 
buck  and  Co.  late  last  month. 

Sears  CIO  Gerald  Kelly  Jr. 
left  the  combined  company 
shortly  after  the  deal  closed 
on  March  24,  according  to 
Sears  Holdings  spokesman 
Christopher  Brathwaite.  When 
Kmart  and  Sears  announced 
their  merger  plans  last  No¬ 
vember  [QuickLink  50943],  it 
was  unclear  whether  Austin 
or  Kelly  would  emerge  as  the 
leader  of  IT  operations. 

Austin,  43,  is  a  21-year  IT 
veteran  at  Kmart  and  became 


CIO  there  in  April  2002.  In  her 
expanded  position,  she  will  re¬ 
port  to  Aylwin  Lewis,  presi¬ 
dent  of  Sears  Holdings  and 
CEO  of  Kmart  and  Sears  Retail. 

Brathwaite  said  it’s  too  early 
to  comment  about  the  degree 
to  which  the  systems  at  Kmart 
and  Sears  will  be  integrated. 
The  new  company  is 
still  “working  through 
the  various  layers  of 
the  structure  of  this  or¬ 
ganization”  and  has  yet 
to  determine  what  the 
top  IT  priorities  will  be 
going  forward,  he  said. 

David  Hogan,  senior 
vice  president  and  CIO 
at  the  National  Retail 
Federation  in  Washing¬ 
ton,  said  he  expects 
that  the  two  retailers 
will  find  synergies 
from  a  sourcing  and 
supply  chain  perspec¬ 
tive.  “If  I  had  those  two 
organizations,  I  would 


over  time  just  take  a  look  from 
a  process-improvement  per¬ 
spective  where  the  low-hang¬ 
ing  fruit  is  and  go  after  that,” 
Hogan  said. 

Sparse  Initiatives 

Major  IT  initiatives  were 
sparse  during  Austin’s  three- 
year  tenure  as  Kmart’s  CIO,  as 
the  retailer  battled  to  emerge 
from  bankruptcy  protection, 
which  it  finally  did  last  May. 
One  of  the  most  recent  proj¬ 
ects  at  the  company 
was  a  redesigned  Web 
site  that  its  e-com¬ 
merce  team  built  with 
help  from  Fry  Inc.  and 
launched  the  same 
week  the  merger  was 
announced. 

At  Sears,  Kelly 
had  made  some  bold 
moves  after  being 
named  CIO  in  October 
2002.  For  example,  he 
orchestrated  a  10-year, 
$1.6  billion  IT  out¬ 
sourcing  deal  with 
Computer  Sciences 
Corp.  in  March  2004. 

©  53529 


Energy  Supplier  Switches  Gears  on  Software  Rollout 


Bonneville  Power  drops  $25M  system, 
turns  to  hosted  apps  to  meet  mandates 


BY  MARC  L.  SONGINI 

Electricity  provider  Bonne¬ 
ville  Power  Administration 
(BPA)  recently  abandoned  a 
controversial  $25  million  soft¬ 
ware  system  that  handled  en¬ 
ergy  scheduling,  transaction 
management  and  transmission 
availability. 

In  1999,  the  Portland,  Ore.- 
based  BPA  and  Houston-based 
software  vendor  SoftSmiths 
Inc.  started  work  on  the  so- 
called  Electricity  Transaction 
Management  System  (ETMS). 
The  project  was  slated  to  cost 
$12  million  and  last  one  year. 
Nearly  five  years  and  $25  mil¬ 
lion  later,  the  ETMS  was  most¬ 
ly  scrapped  last  November. 

“Our  challenge  was  to  en¬ 
gage  a  system  that  was  flexible, 
rapid  and  accurate,”  said  BPA 
spokesman  Edward  Mosey. 
“The  ETMS  didn’t  deliver  the 
necessary  performance  levels.” 

The  new  system  was  to  re¬ 
place  a  30-year-old  home¬ 
grown  mainframe-based  sys¬ 
tem  that  required  transaction 
orders  to  be  phoned  in,  faxed 
or  e-mailed.  That  system 
didn’t  comply  with  federal 
regulations  requiring  greater 
speed  and  better  visibility  into 
transmission  availability. 

Late  last  year,  the  BPA 
turned  to  an  alternative  host¬ 
ed  system  from  Minneapolis- 
based  Open  Access  Technolo¬ 
gy  International  Inc.  (OATI) 
that  went  live  in  February  and 
is  already  meeting  the  BPA’s 
needs. 

The  BPA,  which  is  overseen 
by  the  U.S.  Department  of  En¬ 
ergy,  provides  wholesale  elec¬ 
tricity  throughout  the  North¬ 
west  and  must  comply  with 
regulatory  requirements  to 
provide  greater  efficiency  in 
its  transmission  business. 

Valuable  Experience 

Despite  the  failure  of  the  ini¬ 
tial  effort,  BPA  officials  said  it 
was  valuable  to  the  operation. 
“BPA  views  the  $25  million 
spent  on  the  ETMS  as  a  cost 
of  implementing  a  scheduling 


automation  system  that  meets 
its  needs,”  said  Mosey. 

He  noted  that  the  BPA  spent 
significant  sums  to  create  re- 
quirements-definition  and  re¬ 
finement  specifications  that 
remain  useful.  “One  result  was 
that  we  have  put  into  place  a 
stronger  project  management 
organization  to  oversee  IT 
projects,”  Mosey  said. 

According  to  regulatory 
mandates,  the  BPA  needed  to 
fully  support  electronic  tag¬ 
ging  for  each  transaction  by 
January  2005  —  a  deadline  it 
would  have  badly  missed  had 
it  not  turned  to  the  hosted  sys¬ 
tem.  Electronic  tags  track 
ownership  of  power  from  the 
source  to  the  user. 

“We  have  to  track  each  and 
every  transaction  accurately 
and  promptly.  We  worked 
through  the  challenges  with 
SoftSmiths  until  we  came  to 


Desire  for  new 
functionality 
drives  moves  to 
replace  core  apps 


BY  THOMAS  HOFFMAN 

A  thaw  in  the  four-year  IT 
spending  freeze  is  becoming 
more  evident  as  companies 
are  slowly  beginning  to  look  at 
replacing  core  applications 
with  newer  systems  that  offer 
improved  functionality  and 
scalability,  IT  managers  and 
analysts  said  last  week. 

At  the  same  time,  some  or¬ 
ganizations  are  using  Web  ser¬ 
vices  and  service-oriented  ar¬ 
chitectures  to  extend  some 
older  applications  in  addition 
to  installing  new  ones. 

For  instance,  DTE  Energy 
Co.  in  Detroit  is  deploying 
ERP  software  from  SAP  AG  to 
replace  five  financial  systems, 
two  mainframe  supply  chain 
management  systems  and  one 


the  conclusion  that  an  alterna¬ 
tive,  the  OATI,  would  better 
meet  our  needs,”  Mosey  said. 
He  didn’t  blame  the  problems 
on  SoftSmiths  but  said  that 
performance  and  other  issues 
arose  because  of  the  cus¬ 
tomization  required. 

In  the  long  run,  the  hosted 
system  will  cost  less,  Mosey 
said,  although  he  declined  to 
disclose  the  projected  costs. 

The  ETMS  was  the  subject 
of  criticism  in  a  February  2004 
audit  report  from  the  Depart¬ 
ment  of  Energy’s  inspector 


human  resources  system,  said 
CIO  Lynne  Ellyn. 

The  energy  supplier  is  also 
replacing  two  distribution  op¬ 
erations  systems  and  nine  im¬ 
plementations  of  a  plant  work 
management  system  with 
Maximo,  an  asset  and  service 
management  system  from 
Bedford,  Mass.-based  MRO 
Software  Inc.,  she  said. 

DTE  Energy  is  simultane¬ 
ously  harnessing  Web  services 
to  help  it  develop  applications 
for  functions  that  few,  if  any, 
commercial  systems  can  auto¬ 
mate,  said  Ellyn. 

Varied  Predictions 

In  a  survey  of  118  senior  finan¬ 
cial  executives  published  late 
last  month  by  Iselin,  N.J.- 
based  Siemens  Financial  Ser¬ 
vices  Inc.,  73%  of  the  respon¬ 
dents  said  they  expect  to  have 
shorter  replacement  cycles  for 
software  over  the  next  five 
years. 

But  Bill  Zadrozny,  president 


general.  The  report  charged 
that  the  project’s  management 
“lacked  a  comprehensive  proj¬ 
ect  plan  and  system  develop¬ 
ment  and  implementation 
procedures.”  The  ETMS  was 
incapable  of  meeting  “the  de¬ 
mands  of  the  automated, 
deregulated  business  environ¬ 
ment,”  the  audit  stated. 

The  inspector  general  wasn’t 
alone  in  raising  a  ruckus  about 
the  delays  and  costs  associat¬ 
ed  with  the  ETMS.  “In  the 
past,  I  was  ballistic  over  the 
handling  of  it  —  four  years 


and  CEO  of  the  Siemens  AG 
unit,  which  offers  financing  for 
hardware  and  software  pur¬ 
chases,  said  he  hasn’t  seen  any 
significant  increases  in  soft¬ 
ware  spending  from  Siemens’ 
users  so  far  this  year. 

“We’re  hearing  it  from  cus¬ 
tomers,  but  we’re  not  seeing  it 
yet,”  Zadrozny  said. 

Fenella  Scott,  an  analyst  at 
AMR  Research  Inc.  in  Boston, 
said  the  frequency  of  software 
replacement  cited  in  the 
Siemens  survey  “seems  a  little 
aggressive.”  She  estimated 
that  roughly  5%  of  AMR’s 
manufacturing  industry  cus¬ 
tomers  plan  to  replace  their 
core  packaged  applications 
over  the  next  12  months. 

Harrah’s  Entertainment  Inc. 
is  making  increased  use  of 
middleware  from  vendors 
such  as  Tibco  Software  Inc.  to 
more  closely  integrate  its  ex¬ 
isting  systems,  said  Tim  Stan¬ 
ley,  vice  president  of  IT  and 
CIO  at  the  Las  Vegas-based 
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THE  POWER  COMPANY'S  ill-fated  system  didn’t  perform  as  required. 


Users  Prepare  to  Buy  as  Budgets  Thaw 


and  $25  million  down  the 
drain,”  said  Jerry  Leone,  man¬ 
ager  of  the  Public  Power 
Council,  which  represents  114 
consumer-owned  utilities  that 
use  the  BPA’s  service.  “I  un¬ 
derstand  that  now  the  new 
system  is  up  and  running  and 
that  it  answers  the  BPA  folks’ 
needs.  If  this  is  indeed  the 
case,  then  I  am  happy,”  he  said. 

SoftSmiths  defended  its 
work  on  the  project.  “Soft- 
Smiths  delivered  all  products 
and  services  as  contracted  by 
the  customer,”  said  a  company 
spokesman  via  e-mail. 

“SoftSmiths’  products  per¬ 
formed  as  designed,”  he  wrote. 
“Products  delivered  provided 
Bonneville  Power  Administra¬ 
tion  Transmission  the  capabil¬ 
ity  to  increase  the  level  of 
automation  it  utilizes  in  its 
scheduling  processes  in  accor¬ 
dance  with  management’s  im¬ 
plementation  schedule  and 
transition  plan.” 

The  spokesman  added  that 
the  $25  million  price  tag  didn’t 
solely  include  payments  to 
SoftSmiths;  some  of  it  went  to 
other  contractors.  ©  53525 


gaming  and  hotel  company. 

But  Harrah’s  is  also  upgrad¬ 
ing  its  core  off-the-shelf  appli¬ 
cations  more  frequently  in 
order  to  migrate  to  newer 
versions  that  Stanley  hopes 
will  contain  fewer  bugs  “and 
put  us  on  a  more  predictable 
path.” 

Other  CIOs,  such  as  John 
Schille  at  American  Fidelity 
Assurance  Co.  in  Oklahoma 
City,  said  they  aren’t  planning 
to  increase  software  replace¬ 
ment  over  the  near  term  be¬ 
cause  their  applications  are 
working  as  expected. 

Kathy  Quirk,  an  analyst  at 
Nucleus  Research  Inc.  in 
Wellesley,  Mass.,  said,  “What 
I’m  seeing  is  that  a  lot  of  com¬ 
panies  are  selectively  replac¬ 
ing  software,  depending  on 
the  business  need.”  That  in¬ 
cludes  instances  where  com¬ 
panies  are  consolidating  mul¬ 
tiple  packages  of  CRM  and 
other  types  of  software  onto 
a  single  platform  or  are  up¬ 
grading  various  business  users 
onto  the  same  version  of  a  sys¬ 
tem,  she  added.  ©  53501 
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FIDS  to  Unveil  High-End 
Virtualization  Platform 

IBM,  NetApp  elbow  into  the  spotlight 
with  lesser  storage  announcements 


BY  LUCAS  MEARIAN 

itachi  Data  Sys¬ 
tems  Corp.  today 
is  expected  to  an¬ 
nounce  the  avail¬ 
ability  of  a  network-attached 
storage  (NAS)  blade  for  its 
high-end  virtualization  stor¬ 
age  platform.  The  new  blade 
for  the  TagmaStore  array  al¬ 
lows  file-level  data  transfers 
to  back-end  storage. 

The  blade  is  the  first  HDS- 
developed  NAS  offering.  The 
company  will  continue  to  sell 
third-party  NAS  products  un¬ 
der  a  reseller  agreement  with 
Network  Appliance  Inc. 

Meanwhile,  NetApp  and 
IBM  tried  to  take  some  of  the 
luster  off  of  HDS’s  entry  into 
the  NAS  market  by  making 
some  lesser  announcements. 
IBM  said  it  plans  to  add  tape 
management  to  its  SAN  File 
System  by  year’s  end,  and 
NetApp  announced  the  re¬ 
naming  of  its  SAN/NAS  gate¬ 
way  product. 

Gary  Pilafas,  a  senior  stor¬ 
age  and  systems  architect  at 
UAL  Loyalty  Services  Inc.,  an 
Arlington  Heights,  Ill.-based 
unit  of  United  Air  Lines  Inc., 
said  he  will  evaluate  the  new 
NAS  blades  for  use  with  one 
TagmaStore  array  in  produc¬ 
tion  and  two  others  that  the 
airline  recently  purchased. 

Pilafas  said  he  hopes  the 
blades  can  simplify  his  envi¬ 
ronment  by  managing  the 
replication  of  block-  and  file- 
level  data  through  a  single 
interface. 

“You  don’t  have  to  have  an¬ 
other  appliance  in  front  of 
your  SAN  with  five  9s  avail¬ 
ability'  this  way,”  Pilafas  said. 

Each  of  the  TagmaStore’s 
NAS  blades  scales  to  512TB  of 
capacity,  and  the  array  can 
hold  up  to  eight  blades,  said 
Claus  Mikkelsen,  senior  direc¬ 
tor  of  storage  applications  at 


Santa  Clara,  Calif.-based  HDS. 

As  an  example  of  its  pricing 
plan,  HDS  said  a  new  NAS 
blade  with  1.2TB  capacity  will 
list  for  $86,700. 

Developments  at  IBM 

For  its  part,  IBM  disclosed 
plans  to  add  tape  management 
systems  to  the  SAN  File  Sys¬ 
tem.  It  also  announced  that  it 
sold  its  999th  and  1,000th  SAN 
Volume  Controller  (SVC)  vir¬ 
tualization  appliances.  The 
buyer  was  the  internal  IT  shop 
at  Cisco  Systems  Inc.;  ironical¬ 
ly,  Cisco  has  been  feverishly 
pitching  its  own  virtualization 
device  embedded  in  its  line  of 


IT  executive  at 
tire  maker  says  no 
layoffs  are  planned 

BY  PATRICK  THIBODEAU 

The  European  unit  of  Bridge¬ 
stone  Corp.  plans  to  outsource 
support  and  maintenance  of 
its  SAP  ERP  system  to  an  off¬ 
shore  firm  in  India,  but  the  de¬ 
cision  isn’t  expected  to  lead  to 
any  layoffs  of  IT  staffers  at  the 
tire  maker. 

Bridgestone  Europe  will 
turn  over  management  of 
its  SAP  AG  applications  to 
Satyam  Computer  Services 
Ltd.  in  Hyderabad,  India,  the 
two  companies  announced 
last  month  without  disclosing 
any  financial  details. 

The  three-year  agreement 
will  let  Bridgestone  Europe 
“free  up  resources  to  focus  on 
new  requests  and  new  de¬ 
mands,”  said  Joe  O’Neill,  IT 
director  at  the  Brussels-based 
unit. 

O’Neill  said  that  having  the 
internal  IT  staff  deal  with  SAP 


MDS  9000  storage  switches. 

A  spokeswoman  for  Cisco’s 
IT  group,  who  wouldn’t  dis¬ 
cuss  the  competition  between 
the  IBM  and  Cisco  offerings, 
said  the  sales  agreement  for 
the  IBM  SVC  was  just  signed 
and  the  appliance  hasn’t  yet 
arrived.  Cisco  will  use  SVC 
along  with  other  virtualization 
systems  for  data  migration 
and  replication,  she  said. 

Brian  Perlstein,  a  senior 
technology  consultant  at  Oak- 
wood  Healthcare  System  in 
Dearborn,  Mich.,  hopes  to  add 
the  tape  management  function 
to  his  IBM  SAN  File  System 
appliance.  Perlstein  also  uses 
two  SVC  appliances  to  pool 
storage  from  an  all-IBM  stor¬ 
age-area  network  that  includes 
high-end  and  midrange  arrays. 


support  issues  isn’t  adding  any 
value  to  Bridgestone  Europe’s 
business  operations.  Whether 
SAP  problems  are  handled  in 
Brussels  or  offshore  “doesn’t 
really  matter  to  the  business 
user,  provided  he  gets  a  reso¬ 
lution,”  O’Neill  said. 

Because  Bridgestone’s  SAP 
support  operations  are  cen¬ 
tralized  in  Brussels,  shifting 
the  work  to  India  won’t  be  dif¬ 
ficult,  he  added.  “We  already 
have,  I  would  say,  a  near-shore 
support  organization  within 
our  own  organization,”  O’Neill 
said. 

Bridgestone  has  six  manu- 


HWe  already 
have,  I  would 
say,  a  near-shore 
support  organiza¬ 
tion  within  our  own 
organization. 

JOE  O’NEILL.  IT  DIRECTOR. 
BRIDGESTONE  EUROPE 


Perlstein  said  that  adding 
tape  to  the  virtualization  layer 
would  let  him  simplify  his  in¬ 
frastructure,  which  includes 
an  IBM  3584  tape  library. 

Rick  Villars,  an  analyst  at 
IDC  in  Framingham,  Mass., 
said  IBM’s  announcement  sig- 


ANNOUNCEMENTS 


Virtualization 

■  HDS  adds  a  NAS  blade  to  its 
TagmaStore  array. 

■  IBM  will  add  tape  management 
to  its  SAN  File  System  by  year's 
end;  announces  its  1,000th 
SAN  Volume  Controller  sale. 

■  NetApp  renames  gFiler  engine 
and  plans  support  for  arrays 
from  all  major  storage  vendors. 


facturing  plants,  a  technical 
center  and  numerous  sales 
and  distribution  facilities 
throughout  Europe;  its  Euro¬ 
pean  ERP  system  supports 
about  2,000  end  users. 

Moving  support  for  pack¬ 
aged  applications  offshore  is 
an  increasingly  common  IT 
strategy,  said  Atul  Vashistha, 
chairman  and  CEO  of  NeoIT 
Inc.,  a  San  Ramon,  Calif.-based 
consulting  firm  that  advises 
companies  on  offshore  out¬ 
sourcing.  At  first,  many  off¬ 
shore  initiatives  were  focused 
on  support  of  custom  applica¬ 
tions,  Vashistha  said. 

“Now  we’re  starting  to  see 
significant-size,  longer-term 
ERP  support  and  maintenance 
deals  happening,”  he  said,  not¬ 
ing  that  many  offshore  actions 
aren’t  made  public. 

O’Neill  said  Bridgestone 
Europe  is  in  a  transition  phase 
on  the  support  shift,  finalizing 
agreements  with  Satyam  and 
getting  the  processes  in  place 
to  complete  the  move. 

“Even  though  people’s  jobs 


nals  a  maturation  of  virtualiza¬ 
tion,  which  creates  a  layer  of 
abstraction  between  applica¬ 
tion  servers  and  back-end 
storage. 

Name  Change  at  NetApp 

Meanwhile,  Sunnyvale,  Calif.- 
based  NetApp  last  week 
changed  the  name  of  its  virtu¬ 
alization  appliance  from  the 
gFiler  to  the  V-Series.  NetApp 
also  pledged  that  the  V-Series 
will  support  IBM,  EMC  Corp. 
and  Hewlett-Packard  Co.  ar¬ 
rays  by  midyear.  The  appli¬ 
ance  now  supports  HDS  ar¬ 
rays.  The  device  acts  as  a  vir¬ 
tualization  layer  between  ap¬ 
plication  servers  and  a  hetero¬ 
geneous  storage  architecture. 

Jeff  Hornung,  vice  president 
of  enterprise  file  services  and 
storage  networking  at  NetApp, 
said  that  the  company  plans  to 
integrate  a  distributed  file  sys¬ 
tem  from  Spinnaker  Networks 
Inc.  into  the  V-Series  by  the 
end  of  the  year.  NetApp  ac¬ 
quired  Spinnaker  last  year. 
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aren’t  threatened  by  this, 
there’s  still  a  need  for  people 
to  adapt,”  he  said. 

Bridgestone  didn’t  disclose 
an  estimated  cost  savings  from 
the  offshore  deal,  nor  would 
O’Neill  discuss  the  new  proj¬ 
ects  that  internal  SAP  support 
staffers  will  work  on.  But  he 
said  some  of  the  expected 
benefits  will  arise  from  the 
company’s  ability  to  direct 
more  of  its  internal  resources 
toward  other  IT  needs. 

Manish  Mehta,  a  director 
and  senior  vice  president  at 
Satyam,  said  the  company  has 
been  providing  SAP  support 
for  nearly  six  years  and  has 
more  than  1,700  employees 
working  in  its  SAP  practice. 
The  company  has  about  100 
SAP  clients,  he  added. 

©  53533 
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Bridgestone  Europe  Turns  to  India  for  SAP  Support 


trademarks  of  their  respective  owners. 


Mr.  400,000  SKUs  and 
7.5  Million  Transactions 
Analyzed  In  Real  Time 


The  new  system  integrates  thousands  of 
pieces  of  data  in  real  time.  Store  managers 
love  it,  executives  love  it— everyone  loves  it 

Robert  Fort 

Director  of  IT,  Virgin  Entertainment  Group,  North  America  ' 


Make  a  name  for  yourself  with  Windows  Server  System.  Microsoft8  Windows  Server  System™  makes  it  easier 
for  Virgin  Entertainment  Group,  North  America  to  make  inventory  decisions  based  on  real-time  data 
from  its  sales  counters.  Here's  how:  By  building  a  business  intelligence  solution  using  SQL  Server™ 
supported  by  BizTalk"8  Server  and  the  .NET  Framework,  Virgin  is  able  to  gather  the  Point  of  Sale 
and  traffic  data  collected  in  its  stores,  analyze  it,  and  have  reports  to  store  managers  every 
15  minutes.  Software  that's  easier  to  integrate  is  software  that  helps  you  do  more  with  less. 

To  get  the  full  Virgin  story  or  find  a  Microsoft  Certified  Partner,  go  to  microsoft.com/wssystem 
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Equity  Firms  Invest 
$350M  in  Lenovo 

Three  U.S.  private  equity  firms 
said  they  will  invest  $350  million 
in  China's  Lenovo  Group  Ltd.  to 
help  fund  its  takeover  of  IBM’s  PC 
business.  Texas  Pacific  Group, 
General  Atlantic  Partners  LLC  and 
Newbridge  Capital  Group  LLC  will 
collectively  own  about  10%  of 
Lenovo  when  the  deal  closes. 
Lenovo  will  use  $150  million  to  fi¬ 
nance  its  IBM  purchase  and  the 
rest  for  working  capital. 


Google  Buys  Web 
Analytics  Toolmaker 

Google  Inc.  has  acquired  Urchin 
Software  Corp.,  a  Web  site  ana¬ 
lytics  system  developer.  Terms  of 
the  deal,  which  is  expected  to 
close  in  April,  weren’t  disclosed. 
Urchin’s  software  is  used  to  pro¬ 
vide  data  on  user  experience  and 
allow  the  optimization  of  content 
and  Web  marketing.  The  system  is 
used  by  more  than  1  million  sites 
worldwide. 


i2  Technologies 
Cutting  300  Jobs 

Supply  chain  vendor  i2  Technolo¬ 
gies  Inc.  has  begun  a  round  of  lay¬ 
offs  that  will  see  as  much  as  15% 
of  its  2,000-person  workforce 
eliminated.  The  struggling  soft¬ 
ware  vendor  notified  most  employ¬ 
ees  of  the  layoffs  last  week,  the 
end  of  its  first  quarter.  The  layoffs 
will  be  companywide  and  aren’t 
focused  on  any  one  business  unit 
or  geographic  region. 


SunGard  Agrees 
To  $11.38  Buyout 

SunGard  Data  Systems  Inc.  said 
its  board  of  directors  has  approved 
a  $11.3  billion  buyout  offer  from 
seven  investment  firms.  SunGard 
officials  said  that  no  layoffs  are 
planned  and  that  they  are  aban¬ 
doning  a  plan  announced  earlier  to 
split  off  its  disaster  recovery  busi¬ 
ness  from  its  software  and  pro¬ 
cessing  business.  SunGard’s  head¬ 
quarters  will  remain  in  Wayne,  Pa. 
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HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  GOSSIP  BY  MARK  HALL 
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Microsoft  Plans  to 
Share  Network . . . 

. . .  troubleshooting  tool  with  users  and  vendors  alike.  But 

it  wants  a  quid  pro  quo  of  a  sort.  According  to  Neil 
Leslie,  general  manager  of  Microsoft  Corp.’s  cus¬ 
tomer  service  and  support  group,  the  company  with¬ 
in  six  months  will  release  a  beta  version  of  Network 


Monitor  3.0,  an  upgrade  of  a 
tool  that  has  shipped  as  part 
of  its  Systems  Management 
Server  (SMS)  software.  What 
will  be  different  in  the  next 
SMS  release,  Leslie  says,  is 
that  Netmon  won’t  have  a 
“90-day  time  bomb”  that 
turns  off  the  tool  unless  you 
buy  it.  In  other  words,  if  you 
get  SMS,  you’ll  get  Netmon 
3.0.  Free.  Netmon  captures 
and  stores  network  packets 
for  analysis.  It  can  filter  pack¬ 
ets  by  protocol  type  and  let 
you  find  devices  on  your  net¬ 
work  and  track  their  packet¬ 
broadcasting  rates.  The  3.0 
release  adds  a  Visual  Basic- 
like  scripting  language  so  you 
can  easily  customize  it,  says 
Leslie.  Today,  he  notes,  you 
need  C  and  assembler  lan¬ 
guage  skills  to  do  so. 

Now  for  the  quid  pro  quo. 

Leslie  says  Microsoft  will  also 
make  available  later  this  year 
D-Code,  its  database  of 
the  various  service  and 
support  tools  that  the 
company  uses  internally. 

The  database  not  only 
lists  what’s  what,  but  it  Sourcefire’s  Intrusion  Sensor  appliance 


also  rates  the  effectiveness  of 
what’s  what.  Leslie  says  he 
wants  other  companies  to 
rate  their  troubleshooting 
and  analysis  tools  inside 
D-Code  so  the  info  can  be 
shared  broadly.  Microsoft 
giveth,  and  it  asketh. 

Have  a  Snort 

so  you  can  protect . . . 

. . .  your  network  in  real  time. 

That’s  Snort,  the  open-source 
intrusion-detection  and 
-protection  software.  Source- 
fire  Inc.  in  Columbia,  Md., 
this  quarter  will  upgrade  its 
Snort-based  appliances  to 
evaluate  data  packets  at  rates 
as  high  as  8Gbit/sec.,  accord¬ 
ing  to  Michele  Perry,  the 
company’s  chief  marketing 
officer.  The  Intrusion  Sensor 
appliances  will  be  able  to  ap¬ 
ply  2,900  network-access 
rules  in  real  time,  Perry  says. 
She  boasts  that  the  rules  can 


eliminate  up  to  80% 
of  network  alarms, 
thereby  assuring  IT 
managers  that  the 
alarms  that  do  ring 
are  truly  trouble.  Pric¬ 
ing  for  the  high-speed 
Intrusion  Sensors  will 
start  at  $179,000. 


SOURCEfm 


IT  lacks  control 
of  network . . . 

. . .  perimeter  because,  well,  it 
doesn’t  own  that.  So  claims 
Rita  Selvaggi,  vice  president 
of  marketing  at  Permeo  Tech¬ 
nologies  Inc.  in  Austin.  She 
contends  that  30%  to  40%  of 
the  devices  accessing  corpo¬ 
rate  networks  aren’t  owned 
or  managed  by  internal  IT  de¬ 
partments.  They’re  the  home 
PCs  of  your  employees  and 
the  computers  used  by  your 
supply  chain  partners  and 
your  onshore  and  offshore 
outsourcers  —  in  short,  who 
knows  who  is  using  who 
knows  w'hat.  If  Selvaggi’s 
right,  you  really  don’t  know, 
which  is  why,  she  argues,  you 
need  to  look  at  Permeo’s  new 
Base5  security  software  that’s 
due  to  ship  by  this  month. 
Base5  loads  a  tiny  bit  of  code 
on  every  Windows  machine 
that’s  accessing  your  net¬ 
work.  That  code  links  the  de¬ 
vices  to  the  Base5  server  soft¬ 
ware,  which  proxies  the  en¬ 
tire  session  and  applies  your 
access  policies.  For  example, 
if  you  don’t  allow  cut-and- 
paste  in  a  given  application,  it 
will  ensure  that  there’s  none 
going  on.  Later  in  Q2,  Permeo 
will  add  high-availability  fea¬ 
tures  to  the  server.  Pricing 
can  be  as  low  as  $50  per  con¬ 
current  user. 

Low-cost,  ASP-style 
system  for . . . 

. . .  managing  sales  commis¬ 
sions  is  on  the  horizon.  Bob 

Conlin,  vice  president  of 
marketing  at  Incentive 
Systems  Inc.  in  Burling¬ 
ton,  Mass.,  acknowl¬ 
edges  that  his  company’s 
software  and  rival  prod- 


CONLIN: 

Ease  sales 
commission 
calculations. 


ucts  ain’t  cheap.  “Our 
average  license  is 
$850,000,”  he  says. 

And  that’s  before  you 
get  to  the  spendy  con¬ 
figuration  stage, 
which  could  equal  or 
even  double  the  price 
tag.  Sales  commission 
management  is  com¬ 
plex,  what  with 
ramped  rates,  split  commis¬ 
sions,  drawdown  adjustments 
and  much  more  making  com¬ 
mission  estimates  as  much  art 
as  science  —  especially  for 
those  stuck  using  Excel  as 
their  primary  tool.  Conlin, 
whose  company  does  busi¬ 
ness  as  Centive,  claims  that 
the  upcoming  Compel  hosted 
service  will  be  “a  100%  solu¬ 
tion  for  80%  of  the  market.” 
Compel  offers  three  dash¬ 
board  views  —  an  executive’s 
perspective,  the  sales  rep’s 
view  and  one  for  compensa¬ 
tion  analysts.  The  service  will 
be  available  at  the  end  of  this 
month  and  will  cost  $55  per 
user  monthly.  “That’s  less 
than  you  pay  for  a  rep’s  cell 
phone  bill,”  Conlin  says. 

Unify  global  sourcing 
with  new  tool . . . 

. . .  that  understands  world  com¬ 
merce.  TradeStone  Software 
Inc.  in  Gloucester,  Mass.,  this 
week  plans  to  release  Unified 
Buying  Engine,  which  links 
your  operations  with  suppli¬ 
ers  almost  anywhere  in  the 
world,  says 
CEO  Sue 
Welch.  She 
adds  that  the 
software  han¬ 
dles  logistics 
and  financing 
issues  and 
“normalizes” 
things  such  as 
currency  rates  and  shipping 
data  from  the  perspective  of 
the  end  user.  That  is,  a  U.S. 
buyer  would  see  costs  in  dol¬ 
lars,  while  a  Chinese  supplier 
would  see  them  in  yuan. 
Pricing  starts  at  $150,000. 
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WELCH: 

Simplify  global 
relations. 


Xerox  color  multifunction  systems  can  take  all  the  things  you  do 
in  the  office  in  color  and  set  them  off,  all  from  one  launching  pad. 

Xerox  Color.  It  makes  business  sense. 


Xerox  color  is  a  blast.  And  Xerox  color  multifunction 
systems  are  here  to  bring  remarkable  power  to 
everyone  in  your  office.  By  putting  color  into  one 
system  that  prints,  copies,  scans,  faxes  and  e-mails,  you 
get  color  that’s  truly  productive.  And  by  also 
providing  those  functions  in  black  and  white,  you  11 


Xerox  color  printers 
&  multifunction  systems 


meet  all  your  document  needs  from  one  convenient 
place.  Better  yet,  the  cost  effectiveness  is  spectacular. 
Xerox  color  expertise  is  already  at  work  in  thousands  of 
companies,  helping  offices  everywhere  reach  new 
levels  of  productivity.  Put  it  to  work  in  your  office, 
and  see  how  easily  it  can  expand  your  horizons. 
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VerlSign  Close  to 
New  .net  Deal 

VeriSign  Inc.  has  moved  closer  to 
renewing  its  contract  to  operate 
the  .net  domain  registry.  Telcordia 
Technologies  Inc.,  an  evaluator 
hired  by  the  Internet  Corporation 
for  Assigned  Names  and  Num¬ 
bers,  ranked  VeriSign’s  bid  higher 
than  those  of  four  other  con¬ 
tenders  for  the  contract,  which 
will  run  for  at  least  six  years. 


AMD  Offers  a  First 
Look  at  Pacifica 

Advanced  Micro  Devices  Inc.  has 
offered  the  first  peek  at  Pacifica, 
its  virtualization  technology  for  use 
on  server  and  desktop  processors. 
The  Pacifica  specs  are  scheduled 
to  be  released  this  month.  The 
technology  allows  multiple  oper¬ 
ating  systems  and  applications  to 
run  in  independent  partitions  on  a 
single  processor.  Pacifica,  due  to 
be  rolled  out  next  year,  was  pre¬ 
sented  at  the  AMD  Reviewer’s 
Day  last  week  in  Austin. 


Symantec  Discloses 
Antivirus  Tool  Flaws 

Symantec  Corp.  acknowledged 
that  flaws  in  some  of  its  antivirus 
products  could  allow  malicious 
hackers  to  use  denial-of-service 
attacks  to  crash  systems  running 
the  software.  The  company  has 
posted  a  notice  on  its  Web  page 
describing  the  vulnerabilities  in 
Norton  AntiVirus,  Norton  Internet 
Security  and  Norton  System- 
Works.  The  company  distributed 
patches  with  its  LiveUpdate  auto¬ 
matic  update  service. 


Siebel  Releases  New 
CRM  QnDemand 

Siebel  Systems  Inc.  has  unveiled 
CRM  QnDemand  Release  7,  a 
hosted  contact-center  system 
that  it  said  can  help  users  create 
customer-related  workflows  and 
get  a  better  view  of  multichannel 
interactions.  The  new  version  has 
been  integrated  with  other  hosted 
applications  in  Siebel’s  Contact 
OnDemand  package. 


Tools  Bridge  IT,  Operations 


New  products 
manage  enterprise 
apps,  service  levels 

BY  HEATHER  HAVENSTEIN 

endors  ARE  offering 
tools  they  say  will 
help  bridge  the  gap 
between  develop¬ 
ment  and  IT  operations  and 
ease  angst  about  management 
of  distributed  applications. 

Mercury  Interactive  Corp. 
next  week  is  set  to  unveil  a 
diagnostic  tool  that  company 
executives  said  will  allow  IT 
departments  to  identify,  diag¬ 
nose  and  resolve  problems 
across  J2EE,  .Net,  ERP  and 
CRM  applications. 

The  Diagnostics  3.0  tool  will 
provide  application  testers  and 
IT  operations  with  one  tool  to 
manage  performance  as  enter¬ 
prises  move  applications  to 
distributed  platforms,  said 
Ramin  Sayer,  director  of  prod¬ 
uct  marketing  at  Mountain 
View,  Calif.-based  Mercury. 

“Overall,  what  bridges  these 
two  groups  ...  is  the  need  to 
manage  end-to-end  service 


NEW  PRODUCTS 


Tools  for  Harnessing 
Distributed  Apps 


Mercury’s  Diagnostics  3.0 

is  designed  to  identify,  diagnose 
and  resolve  problems  across 
J2EE,  .Net,  ERP  and  CRM  appli¬ 
cations.  Gives  application  testers 
and  IT  operations  a  single  tool 
for  performance  management. 

Interwoven  Content  Pro¬ 
visioning  includes  hub  server 
software  for  application  code 
and  configurations,  file  and 
database  content.  Interwoven’s 
OpenDeploy  server  makes  it 
easy  to  aggregate  and  distribute 
code  and  content  to  Web,  file, 
database  or  application  servers, 
or  network-edge  devices. 

Compuware’s  Strobe  3.2  and 
iStrobe  2.1  are  designed  to 
help  users  manage  performance 
of  distributed  applications  that 
access  DB2  on  mainframes  to 
prevent  performance  degrada¬ 
tion  as  the  amount  of  data  in 
DB2  increases. 


performance  . . .  and  to  be  able 
to  proactively  detect  and  re¬ 
solve  problems,”  he  said. 

SmartMoney.com  uses  the 
Mercury  Managed  Services 
hosted  system  for  monitoring 
the  performance  of  its  external 
Web  sites  and  for  the  applica¬ 
tion  service  provider-based 
portfolio  management  and 
investment  tools  it  provides 
to  clients.  The  diagnostic 
tools,  which  will  include  Mer¬ 
cury’s  new  offering,  allow 
SmartMoney  to  troubleshoot 
application  issues  before  they 
become  problems  to  end  users, 
said  A1  Castrillon,  manager 
of  technical  operations  at 
the  New  York-based  firm. 

“You  don’t  want  to  restrict 
your  development  team  to  a 
specific  platform  because  of 
your  monitoring  technology,” 
he  said. 

Dana  Gardner,  an  analyst  at 
The  Yankee  Group  in  Boston, 
said  that  before  the  unified 
Mercury  tool,  enterprises  were 
forced  to  choose  among  tools 
for  monitoring  application 
performance  based  on  plat¬ 
form  and  type  of  application. 

To  help  organizations  man¬ 
age  code  and  content  changes 
in  distributed  environments, 
Interwoven  Inc.  in  Sunnyvale, 
Calif.,  this  week  will  roll  out  its 
Interwoven  Content  Provision¬ 
ing  suite.  The  suite  is  designed 
to  let  enterprises  standardize 
how  code  and  content  changes 
are  aggregated,  synchronized 
and  deployed  in  complex  Web 
application  environments. 

Blue  Cross  and  Blue  Shield 
of  Massachusetts  Inc.  is 
rolling  out  all  the  products  in 
Interwoven’s  new  suite  to  an¬ 
chor  the  organization’s  enter¬ 
prise  strategy  to  move  code 
and  content  across  applica¬ 
tions,  said  Frank  Enfanto,  vice 
president  of  operations  deliv¬ 
ery  and  information  security 
at  Blue  Cross.  “It  allows  you  to 
move  content  along  through 
different  environments  from 
development  to  staging  to  pro¬ 
duction  in  an  organized  and 
proper  workflow,”  he  said. 

Compuware  Corp.  late  last 
month  announced  new  ver¬ 
sions  of  its  application  perfor¬ 


mance  management  technol¬ 
ogy.  Executives  said  it  will 
help  companies  manage  the 
performance  of  distributed  ap¬ 
plications  that  access  IBM’s 
DB2  on  mainframes. 

Compuware  Strobe  3.2  pin¬ 
points  which  SQL  statements 
are  using  the  most  available 
CPU  space  or  have  delayed  re- 


OmniSwitch  6800L 

Alcatel  SA 

■  PRODUCT  SUMMARY:  Alca¬ 
tel  today  plans  to  introduce  two 
versions  of  a  corporate-class 
switch  that  can  be  upgraded  from 
10/100  Ethernet  transmission 
rates  to  Gigabit  Ethernet  via  soft¬ 
ware  that’s  built  in  but  not  turned 
on.  The  Paris-based  company 
said  the  stackable  OmniSwitch 
6800L  switches  support  24  or  48 
ports  and  are  suitable  for  small 
data  centers  or  wiring  closets  at 
the  edges  of  corporate  networks, 
plus  in  installations  where  Gigabit 
Ethernet  speeds  to  the  desktop 
are  desirable.  Users  can  also  buy 
a  software  key  to  upgrade  to  Gi¬ 
gabit  Ethernet  without  needing 
additional  hardware. 

■USER  EXPERIENCE:  Salem 
State  University  in  Salem,  Mass., 
plans  to  buy  several  6800L 
switches  for  use  in  wiring  closets 
in  four  buildings,  said  Brian  Hel- 
man,  the  school’s  director  of  net¬ 
working.  Helman  said  that  be¬ 
cause  he  isn’t  sure  when  he  will 
need  to  turn  on  the  Gigabit  Ether¬ 
net  capability,  the  software  up¬ 
grade  being  offered  by  Alcatel  is  a 
welcome  feature.  "The  software 
key  is  good  future-proofing,”  he 
said.  Salem  State  started  using 
Alcatel  equipment  in  late  2003  af¬ 
ter  3Com  Corp.  stopped  making 
the  switches  that  the  school  had 
been  using,  Helman  said.  About 
two  months  ago,  he  bought  a 
standard  OmniSwitch  6800, 
which  was  introduced  in  Decem¬ 
ber  and  supports  Gigabit  Ethernet 

Alcatel’s  OmniSwitch  6800L 


sponse  turned  on,  allowing 
users  to  identify  where  prob¬ 
lems  are  occurring.  And 
iStrobe  2.1  lets  users  measure 
the  performance  of  applica¬ 
tions,  the  Detroit-based  com¬ 
pany  said.  ©  53517 


MORE  ONLINE 

IBM  adds  a  version  of  WebSphere  for 
z/OS-based  mainframes: 

QuickLink  53520 
www.computerworld.com 


rates  with  10  Gigabit  Ethernet  up¬ 
links.  Helman  is  using  the  device 
to  run  tape  backups  for  a  data 
center,  and  he  said  it’s  performing 
superbly.  Helman  acknowledged 
that  Alcatel  doesn't  have  a  big 
presence  in  the  U.S.  “They  are  un¬ 
known,  which  is  a  little  bit  of  a 
risk,  but  choosing  them  has 
proven  to  be  correct,”  he  said. 
“They’re  much  more  responsive 
than  other  vendors.” 

■ANALYST  ASSESSMENT: 

Zeus  Kerravala,  an  analyst  at  The 
Yankee  Group  in  Boston,  said  the 
6800L's  software  upgrade  capa¬ 
bility  is  a  “truly  unique”  feature. 

“It  offers  flexibility  for  people  not 
sure  when  to  upgrade  to  1  Giga¬ 
bit,”  he  said.  The  6800L  also  is 
less  expensive  than  the  similar- 
size  Catalyst  3750  switch  from 
Cisco  Systems  Inc.,  according  to 
both  Alcatel  and  Kerravala.  But 

. 

Kerravala  questioned  how  well  the 
products  will  be  received  by  U.S.- 
based  users.  “Alcatel’s  problem  is 
they  have  no  brand  recognition  in 
the  U.S.,”  he  said.  “They’re  mainly 
known  as  a  French  company  that 
makes  carrier-class  equipment.” 

■OTHER  VENDORS  IN  THIS 
MARKET:  Cisco,  Extreme  Net¬ 
works  Inc.  and  Foundry  Networks 
Inc.,  among  others. 

■  PRICE:  Starts  at  $3,295  for 
the  24-port  switch  and  $4,795  for 
the  48-port  model.  The  software 
key  for  upgrading  to  Gigabit  Eth¬ 
ernet  starts  at  $2,395. 

I  ■  AVAILABLE:  Now  ©  53532 

-Matt  Hamblen 


NEW  PRODUCT 


Alcatel  Switches  Offer 
Software  Key  for  Upgrades 


When  the  Bakers  of  Entenmann’s 


ENTENMANN’S®  BAKERIES  AND  AT&T 
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needed  to  make  sure  the  shelves  were  stocked  full  with  only  the  freshest 
product,  they  headed  straight  for  the  world’s  networking  company.  Now, 
with  networking  solutions  from  AT&T,  Entenmann’s  Bakeries  can  receive 
detailed  sales  information  from  thousands  of  retail  stores,  utilize  that 
information  to  identify  the  products  needed,  transmit  the  data  to 
regional  bakeries,  and  dispatch  trucks  to  fill  the  shelves  with  fresh  pastry 
even  before  it  has  a  chance  to  coo 
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helped  Entenmann’s  transform  its  business,  go  to: 
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Tough  Privacy  Law 
Debuts  in  Japan 

TOKYO 

ANY  COMPANIES  throughout 
Japan,  including  foreign  ones, 
will  have  to  comply  with  a 
stringent  new  data  privacy  law  that 
went  into  effect  April  1. 

The  Personal  Information  Protec¬ 
tion  Law  applies  to  any  company  that 
has  offices  in  Japan  and  holds  personal 
data  on  5,000  or  more  individuals,  in¬ 
cluding  employees,  according  to 
Kazuhito  Masui,  an  attorney  at  Shiba 
International  Law  Offices  in  Tokyo. 
Under  the  law,  personal  data  includes 
a  person’s  name,  address,  date  of  birth, 
sex,  and  home  and  mobile  phone  num¬ 
bers.  E-mail  addresses  are 
also  covered  if  they’re 
recognizable  as 
a  person’s  name. 

Masui  said  the  law  re¬ 
quires  companies  to  des¬ 
ignate  a  corporate  privacy 
officer,  take  security  mea¬ 
sures  to  prevent  data 
from  being  leaked  or 
stolen,  and  obtain  con¬ 
sent  from  individuals  be¬ 
fore  using  personal  infor¬ 
mation  for  any  purpose 


other  than  the  ones  originally  stated 
when  the  data  was  collected. 

The  law  also  sets  possible  fines  of 
up  to  300,000  yen  ($2,804  U.S.)  and  jail 
sentences  of  up  to  six  months  for  data 
managers  who  don’t  comply,  Masui 
said. 

■  PAUL  KALLENDER,  ID6  NEWS  SERVICE 


Software  AG,  Rivet 
Offer  XBRL  Software 

D0SSELDORF,  GERMANY 

oftware  AG,  in  Darmstadt,  Ger¬ 
many,  and  Rivet  Software  Inc.,  in 
Englewood,  Colo.,  last  week  an¬ 
nounced  a  partnership  to  provide  soft¬ 
ware  for  recording  and  transmitting  fi¬ 
nancial  information  based  on  the  Ex¬ 
tensible  Business  Report¬ 
ing  Language  (XBRL) 
standard. 

Users  of  Software  AG’s 
Digital  Reporting  Plat¬ 
form  will  be  able  to  use 
Rivet’s  Dragon  Tag  soft¬ 
ware  to  convert  financial 
information  in  Microsoft 
Word  and  Excel  formats 
into  XBRL  documents, 
the  vendors  said. 

XBRL  uses  XML  data 
tags  so  that  financial  data 


can  be  electronically  extracted  and  ex¬ 
changed  for  efficient  financial  report¬ 
ing.  Tax  authorities  in  Belgium,  the 
Netherlands  and  the  U.K.  plan  to  start 
requiring  that  financial  documents  be 
filed  in  XBRL  within  the  next  two 
years.  The  U.S.  Securities  and  Ex¬ 
change  Commission  will  begin  accept¬ 
ing  voluntary  filing  of  XBRL  docu¬ 
ments  this  month. 

■  JOHN  BLAU,  IDG  NEWS  SERVICE 


RFID  Doesn’t  Deliver 
What  FedEx  Needs 

SYDNEY,  AUSTRALIA 

adio  frequency  identification 
(RFID)  technology  is  a  long  way 
from  meeting  the  demanding 
standards  of  FedEx  Corp.,  one  of  the 
courier’s  IT  executives  said  at  the 
Wireless  Enterprise  World  conference 
here  last  month. 

Linda  Brigance,  CIO  at  FedEx  Asia 
Pacific,  a  regional  unit  based  in  Hong 
Kong,  said  the  company’s  tests  of  RFID 
devices  show  scanning  failure  rates  as 
high  as  25%.  “We  get  99.9%  accuracy  in 
the  scanning  of  bar  codes,  so  anything 
less  than  that  is  really  a  step  back  in 
our  business  —  it’s  not  something  we 
want  to  do,”  she  said.  “We  want  to  wait 
and  see  when  RFID  gets  the  same  ac¬ 
curacy  rate.”  ©  53477 
■  JULIAN  BAJK0WSKI, 

C0MPUTERW0RLD  TODAY  (AUSTRALIA) 


Compiled  by  Mitch  Betts. 


GLOBAL  FACT 


A  new  top-level  Internet 
domain  for  businesses 
and  individuals  in  the 
European  Union  that  has 
been  approved  by  the 
Internet  Corporation 
for  Assigned  Names 
and  Numbers. 

SOURCE:  IDG  NEWSSERVICE 


Briefly  Noted 

Toshiba  Corp.  has  developed 
prototype  batteries  that  can  be 
recharged  about  60  times  faster 
than  conventional  lithium-ion  bat¬ 
teries.  The  technology  could  be 
available  for  notebook  PCs  and 
handheld  devices  in  about  three 
years,  executives  said  last  week. 

■  PAUL  KALLENDER, 

IDG  NEWS  SERVICE 


Computer  Sciences  Corp.  in  El 
Segundo,  Calif.,  last  month  signed  a 
five-year,  $17.6  million  IT  contract 
with  Shanghai-based  China  Pacific 
Property  Insurance  Co.  The  insurer, 
which  has  about  26,000  employees 
and  1,700  offices,  will  install  CSC’s 
FutureFirst  insurance  administra¬ 
tion  system. 


Ness  Technologies  Inc.,  a  global 
IT  outsourcing  company  in  Hacken¬ 
sack,  N.J.,  last  week  announced 
that  it  will  acquire  Radix  Co.,  an 
IT  services  firm  with  offices  in 
Bucharest  and  Iasi,  Romania,  for 
3  million  euros  ($5.2  million  U.S.). 
Radix,  whose  clients  include  major 
enterprises  such  as  Romania’s  na¬ 
tional  electric  utility  and  national 
railway,  will  become  a  subsidiary. 


U.K.  Gov’t  Withholds  $25M  From  EDS 


BY  LAURA  ROHDE 

Electronic  Data  Systems  Corp. 
is  continuing  to  experience 
problems  with  a  welfare  case 
management  and  telephony 
system  it  developed  for  the 
U.K.  government.  As  a  result, 
the  Plano,  Texas-based  com¬ 
pany  is  having  a  hard  time  get¬ 
ting  paid  for  its  work  on  the 
project,  which  is  now  expect¬ 
ed  to  cost  $860.9  million. 

As  it  continues  to  work  with 
EDS  to  get  the  system  for  the 
Child  Support  Agency  (CSA) 
fully  operational,  the  Depart¬ 
ment  of  Work  and  Pensions 
(DWP)  has  withheld  $25  mil¬ 
lion  in  payments  to  EDS  over 
the  past  two  years,  according 
to  the  minister  in  charge  of 
the  department. 

Though  there  has  been 
some  progress  in  developing 


new  computer  and  telephony 
systems,  some  significant 
problems  remain  that  “contin¬ 
ue  to  slow  progress  on  busi¬ 
ness  recovery,”  Alan  Johnson, 
secretary  of  state  for  the  de¬ 
partment,  said  in  the  latest 
House  of  Commons  Parlia¬ 
mentary  Select  Committee 
progress  report.  The  commit¬ 
tee  is  charged  with  oversight 
of  the  department. 

“The  department  continues 
to  retain  substantial  payments 
from  EDS,”  Johnson  said. 
“[Annual  payments  are]  deter¬ 
mined  by  the  contract  and 
linked  to  service  levels  and 
to  the  degree  of  functionality 
delivered.”  Based  on  those 
criteria,  the  agency  withheld 
$25.1  million  in  payments  due 
to  EDS,  he  said. 

EDS  is  disputing  the  with¬ 


holding  of  funds,  the  company 
said  in  a  statement.  A  spokes¬ 
woman  for  EDS  declined  to 
clarify  whether  EDS  was  out 
of  pocket  for  the  payment  or  if 
it  could  recoup  the  money  at  a 
later  date. 

Implementation  Hurdles 

The  computer  system  for  the 
CSA,  which  has  been  delaying 
payments  to  tens  of  thousands 
of  single  parents,  was  launched 
in  March  2003,  two  years  be¬ 
hind  schedule  and  $483.2  mil¬ 
lion  over  budget.  It  involves  a 
Java-based  application  devel¬ 
oped  by  EDS.  The  latest  pro¬ 
jected  10-year,  $860.9  million 
price  tag  is  up  from  the  $806.5 
million  price  projected  last 
summer  [QuickLink  49221], 

A  DWP  spokeswoman  said 
that  because  of  the  ongoing 


contractual  issues,  she  could 
not  comment  further. 

In  July,  the  Select  Commit¬ 
tee  issued  a  scathing  report 
that  characterized  the  EDS 
system  as  an  “appalling  waste 
of  public  money”  and  called 
for  the  entire  system  to  be 
dumped  if  it  was  not  fully 
operational  by  Dec.  1,  2004. 

In  November,  Johnson  said 
he  was  considering  the  “nucle¬ 
ar  option”  of  pulling  the  plug 
on  the  system.  But  in  last 
month’s  assessment,  Johnson 
appeared  to  back  away  from 
shutting  down  the  system. 

“An  Agency  Business  Trans¬ 
formation  Program  is  being 
developed,  which  will  contain 
short-term  tactical  initiatives 
and  also  places  significant  em¬ 
phasis  on  ensuring  medium- 
to  long-term  sustained  recov¬ 
ery,”  he  said. 

EDS  and  the  DWP  are  work¬ 
ing  closely  on  the  business 


transformation  program,  and 
the  system  is  now  providing 
service  to  over  620,000  cases, 
the  committee  said  in  its  re¬ 
port.  The  committee  was  told 
in  November  that  only  61,000 
out  of  478,000  single  parents 
had  received  payments  from 
the  system  and  that  a  total 
of  $1.4  billion  in  support  pay¬ 
ments  remained  uncollected 
[QuickLink  50982]. 

What  was  not  provided  was 
a  date  for  when  the  system  is 
expected  to  be  satisfactorily 
functional.  “The  absence  of  a 
confirmed  date  for  acceptable 
performance  by  the  CSA, 
while  understandable,  is  a 
major  shortcoming  in  the  gov¬ 
ernment’s  response,”  said  Sir 
Archy  Kirkwood,  chairman  of 
the  Work  and  Pensions  Select 
Committee.  ©  53508 


Rohde  writes  for  the  IDG 
News  Service. 


WE’RE  PUTTING  COMPUTER 
R&D  WHERE  IT  BELONGS. 
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PRIMEPOWER"  Servers  LifeBook'  Notebooks 


Dancing  robots  and  Artificial  Intelligence  make  great  press 
release  material,  but  what  exactly  do  they  do  to  improve 
your  business? 

At  Fujitsu,  we’re  concerned  with  R&D  that  helps 
CIOs  run  their  business  more  efficiently.  In  fact,  we  invest 
billions  of  dollars  annually  in  developing  technology  solu¬ 
tions  and  providing  the  right  products  for  our  customers 
to  achieve  maximum  enterprise  performance.  This  R&D 
effort  is  the  foundation  of  the  Fujitsu  PRIMEPOWER 
and  PRIMERGY®  server  lines,  which  deliver  mission-critical 
reliability,  availability  and  serviceability. 

Thanks  to  our  real-world  R&D  philosophy,  we've 
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mobile  computers,  scalable,  reliable  servers,  and  managed 
and  professional  services  they  need. 
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us.fujitsu.com/computers/RD  or  call  I -800-83 1 -3 1 83. 
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HP  CEO 

Tyler  Best,  CIO  at  Van¬ 
guard  Car  Rental  USA  Inc.,  a 
Tulsa,  Okla.-based  company 
that  owns  the  National  and 
Alamo  car  rental  brands, 
urged  Hurd  to  fully  engage 
users  and  find  out  what 
they’re  expecting  from  HR 
Over  the  past  few  years,  the 
vendor’s  concentration  has  all 
too  often  been  focused  in¬ 
ward,  Best  said. 

“It’s  imperative  not  to  lose 
touch  with  what’s  important 
to  the  customer,”  he  said. 

During  his  press  confer¬ 
ence  and  an  earlier  confer¬ 
ence  call  with  financial  ana¬ 
lysts,  Hurd  said  little  about 
how  he  may  shape  HP’s  strat¬ 
egy.  He  vowed  to  keep  “a  re¬ 
lentless  focus”  on  meeting  the 
needs  of  users.  But  he  will 
also  be  focused  on  results,  he 
added,  saying  that  his  man¬ 
agement  philosophy  “reflects 
a  fundamental  belief  in  cost 
discipline  and  focused  invest¬ 
ment”  in  initiatives  that  have 
strong  growth  potential. 

Users  Uncertain 

Denys  Beauchemin,  a  director 
of  the  100,000-member  Interex 
HP  user  group,  said  he  is  wor¬ 
ried  that  in  order  to  cut  costs, 
the  new  CEO  will  shorten  the 
end-of-life  road  maps  on  prod¬ 
ucts  such  as  the  HP  e3000 
midrange  line  and  the  compa¬ 
ny’s  Alpha-based  systems. 

Beauchemin,  who  is  a  sys¬ 
tems  migration  consultant  at 
Austin-based  IT  services  firm 
Sector7  USA  Inc.,  added  that 
he  thinks  HP  has  strayed  from 
the  deep  engineering  roots  es¬ 
tablished  by  its  founders. 

Hurd,  who  had  spent  the 
past  25  years  at  NCR  and  had 
been  its  CEO  since  March 
2003,  is  relatively  unknown  to 
HP  users.  Most  of  the  cus¬ 
tomers  interviewed  last  week 
said  they  didn’t  know  enough 
about  Hurd  to  have  an  opinion 
about  his  ability  to  lead  HP. 
That  corresponded  with  the 
results  of  an  informal  poll  on 
Computerworld’ s  Web  site,  in 
which  64%  of  the  235  people 
who  had  responded  as  of  Fri¬ 
day  afternoon  said  it  was  too 
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Hurd’s  Track  Record  at  NCR 


■  JANUARY:  NCR  discloses  that  it  lost  $220M 
in  2002  as  annual  revenue  tell  by  6°/o. 


■  MARCH:  Hurd  is  promoted  from  presi¬ 
dent  and  chief  operating  officer  to  CEO. 


JANUARY:  After  exceeding 
its  plan  in  all  four  quarters  of 
2003,  NCR  reports  an  annual 
profit  of$58M. 


■  JULY:  NCR  says  it  returned  to 
profitability  in  the  second  quarter. 


APRIL:  The  company 
raises  its  financial 
forecast  for  the  year 
as  a  whole. 


JAN.  23, 2003 

NCR  STOCK  PRICE:  $9.88 
$19.60 


MARCH: . 

Hurd  is  named 
president  and 
CEO  of  HP, 
effective  April  1. 


JANUARY: 

NCR  reports  a  2004 
profit  of  S285M  on 
revenue  of  $6B,  up 
7%  year  over  year. 


MARCH  28, 2005 

NCR  STOCK  PRICE:  $39.45 
$19.79 


soon  to  tell  whether  Hurd’s 
hiring  was  a  good  move. 

Members  of  HP’s  board  cited 
the  need  for  a  more  hands-on 
executive  when  Fiorina  was 
ousted  in  February.  They  were 
drawn  to  Hurd  by  the  fact  that 
NCR’s  Financial  results  and 
stock  price  improved  signifi¬ 
cantly  after  he  began  running 
that  company  (see  timeline). 

Frank  Gillett,  an  analyst  at 
Forrester  Research  Inc.,  said 
Hurd  “has  demonstrated  a  lot 
of  operational  skills  —  the 


ability  to  make  tough  deci¬ 
sions  and  cut  costs.” 

“If  you  look  at  the  track 
record,  he  took  a  company 
that  was  floundering  and  took 
it  to  where  it’s  a  very  healthy 
company,”  said  Sam  Bhavnani, 
a  La  Jolla,  Calif.-based  analyst 
at  Current  Analysis  Inc. 

But  to  succeed  at  HP,  Hurd 
will  have  to  keep  users  such  as 
Ashok  Bakhshi  satisfied.  The 
IT  director  at  Schindler  Eleva¬ 
tor  Corp.  in  Morristown,  N.J., 
said  HP  needs  to  differentiate 


itself  by  bundling  more  ser¬ 
vices  with  its  hardware. 

He  also  said  that  the  com¬ 
pany  should  add  more  value 
to  its  products.  For  example, 
Bakhshi  said  he  would  find  it 
helpful  if  HP  preconfigured  its 
PCs  with  applications  such  as 
SAP  AG’s  ERP  client. 

Hurd  will  also  have  to  ad¬ 
dress  the  concerns  of  users 
like  Ron  Horner,  an  e3000 
user  and  legacy  systems  su¬ 
pervisor  at  Lady  Remington 
Jewelry  in  Bensenville,  Ill. 


Horner  said  Fiorina  did  a  lot 
to  alienate  the  e3000  installed 
base  by  stopping  sales  of  the 
systems  in  2003  and  holding 
off  on  responding  to  a  propos¬ 
al  to  turn  over  the  source  code 
for  the  e3000’s  MPE  operating 
system  to  a  third  party.  “HP 
has  got  to  formally  decide 
what  they  are  ultimately  going 
to  do  with  MPE,”  Horner  said. 

But  while  some  customers 
are  unhappy  with  the  changes 
at  HP  in  recent  years,  others 
aren’t.  Tom  Freeman,  CIO  for 
the  city  of  Roseville,  Calif., 
said  he  thinks  HP’s  acquisition 
of  Compaq  Computer  Corp.  in 
2002  changed  its  culture  to  a 
more  customer-centric  one. 

“We  saw  a  big  change  in 
HP  that,  to  me,  was  positive,” 
Freeman  said,  adding  that  he 
hopes  Hurd  will  keep  a  close 
focus  on  customers  and  con¬ 
tinue  to  invest  in  new  prod¬ 
ucts  such  as  HP’s  digital  pen 
technology.  ©  53530 


Tom  Krazit  of  the  IDG  News 
Service  contributed  to  this  story. 


OUR  TAKE 

Don  Tennant  writes  that  HP  was  wise  to 
avoid  another  celebrity  CEO  -  and  that 
Hurd  would  be  wise  to  buy  Novell.  Page  18 

Frank  Hayes  says  Hurd  needs  to  do  some 
listening  before  taking  action  to  clean  up 
the  “mess”  he’s  inheriting.  Page  50 
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Hurd’s  Paper  Trail  Puts  Premium  on  Knowing  Customers 


IN  A  SENSE,  Hewlett-Packard’s 
new  CEO,  Mark  Hurd,  is  an  open 
book.  He  co-authored  one  last 
year  outlining  his  belief  that  un¬ 
derstanding  customers  is  critical 
in  a  time  when  “virtually  every 
industry  is  commoditizing.” 

In  The  Value  Factor:  How 
Global  Leaders  Use  Information 
for  Growth  and  Competitive 
Advantage  (Bloomberg  Press, 
2004),  Hurd  and  NCR  Chairman 
Lars  Nyberg  said  the  key  differ¬ 
entiator  for  companies  in  the  cur¬ 
rent  market  environment  is  infor¬ 
mation:  knowing  customers’ 
wants  and  needs. 

“We  don’t  go  to  the  corner 
diner  for  the  best  food.  We  go 
because  they  know  us  and  we 
don’t  even  have  to  look  at  the 
menu,”  wrote  Hurd  and  Nyberg, 
who  was  NCR’s  CEO  before  Hurd 


was  given  that  job.  “The  value  of 
knowing  our  customers  rolls  up 
from  the  corner  diner  to  the 
largest  corporations.” 

Hurd  appeared  to  practice 
what  he  preached  at  NCR,  said 
Tom  Jung,  a  member  of  the  board 
of  the  Midwest  regional  user 
group  for  NCR’s  Teradata  data 
warehousing  technology. 

Jung,  who  is  an  adviser  to  the 
IT  database  administration  group 
at  WellPoint  Inc.  in  Thousand 
Oaks,  Calif.,  said  he  felt  that  NCR 
officials  paid  sufficient  attention 
to  customers  and  user  groups 
under  Hurd’s  leadership.  Dayton, 
Ohio-based  NCR  often  sent  top 
officials  to  his  regional  user 
group’s  meetings,  Jung  noted. 

In  their  book,  Hurd  and  Nyberg 
also  wrote  about  the  need  to  in¬ 
novate.  But  former  NCR  employ¬ 


ee  Robert  A.  Nisbet,  a  scientist 
who  led  some  data  mining  re¬ 
search  efforts  at  the  Teradata  di¬ 
vision  when  Hurd  was  heading  it, 
said  Hurd  isn’t  one  to  continue 
supporting  technology  that  re¬ 
quires  long-term  development. 
“If  he  doesn’t  see  immediate  and 
significant  feedback  in  terms  of 
revenue  after  a  couple  of  years, 
he’s  likely  to  pull  the  plug,”  said 
Nisbet,  who  left  NCR  in  2000 
and  is  now  a  private  consultant. 

During  his  press  conference 
at  HP’s  headquarters  last  week, 
Hurd  deflected  questions  about 
his  plans  for  HP  and  didn’t  say 
whether  he  would  reduce  its 
workforce,  which  now  stands  at 
about  150,000,  or  move  U.S.- 
based  jobs  offshore.  But  Hurd 
was  hired  to  make  changes. 

“I  believe  in  an  execution- 


oriented  culture,”  Hurd  said.  “I 
believe  in  setting  clear  goals,  im¬ 
plementing  tactical  plans  and 
holding  people  accountable.” 

And  he  acknowledged  that  HP 
needs  some  repairs.  Although 
HP  is  "fundamentally  sound"  and 
a  leader  in  many  technology  and 
services  categories,  Hurd  said,  “it 
is  also  clear  that  the  company  is 
not  performing  to  its  potential.” 

Zeus  Kerravala,  an  analyst  at 
The  Yankee  Group  in  Boston, 
called  Hurd  an  unexpected 
choice  to  head  HP. 

“NCR  is  a  small  company,  but 
I’ve  heard  that  he’s  really  good  at 
sales  and  marketing,  and  that’s 
what  HP  needs,”  Kerravala  said. 
“HP  touches  so  much  of  the  en¬ 
terprise  that  they  need  to  have  a 
unique  brand  identity.  That’s  his 
biggest  challenge.” 

-  Patrick  Thibodeau 
and  Matt  Hamblen 
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Imagine  your  applications  -  both  legacy  and 
new  -  performing  together  as  an  ensemble. 

That  vision  can  become  a  reality  surprisingly 
quickly  with  Ensemble™  -  the  universal  integra¬ 
tion  platform  with  all  the  functionality  needed  to 
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Much  more  than  a  messaging  engine, 
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ment  and  management  of  composite  applications 
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Ensemble  is  breakthrough  software  from 
InterSystems,  a  global  company  with  over  25 
years  of  experience  deploying  and  supporting  high 
performance  data  management  products  in  more 
than  100,000  systems,  in  88  countries. 

We’re  so  confident  that  Ensemble  is  dramatically 
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DON  TENNANT 


After  the  Afterglow 


I’VE  BEEN  RACKING  MY  BRAIN  trying  to  re¬ 
member  if  Tve  ever  met  Mark  Hurd,  the  for¬ 
mer  CEO  of  NCR  who  last  week  was  named 
the  new  CEO  of  Hewlett-Packard.  I  believe 
I  must  have,  because  I  spent  some  time  at 
NCR’s  headquarters  in  Dayton,  Ohio,  back  in  1996  to 
interview  then-CEO  Lars  Nyberg  and  some  other 
NCR  hotshots.  Hurd,  a  25-year  NCR  veteran,  was 


already  a  rising  star,  so 
chances  are  I  interviewed 
him  or  at  least  bumped 
into  him.  But  darned  if  I 
can  remember. 

I  know  I  wasn’t  the  only 
one  scratching  my  head 
last  week.  No  doubt  there 
were  as  many  variations 
of  the  “never  heard  of 
Hurd”  quip  in  your  office 
as  there  were  in  ours.  And 
if  you  Googled  “Mark 
Hurd”  for  some  help,  you 
had  to  sift  through  references  to  guys 
like  the  “college  student,  mountain 
biker  and  all-around  geek  living  in 
Dallas,  Texas”  in  order  to  find  any¬ 
thing  on  HP’s  new  CEO.  He  doesn’t 
stand  out  in  a  crowd. 

And  that  in  itself  is  testimony  to 
the  wisdom  of  HP’s  board.  It  didn’t 
cave  in  to  expectations  that  HP  would 
seek  a  celebrity  CEO  who  wouldn’t 
disappear  in  the  afterglow  of  Carly 
Fiorina.  Hurd’s  appointment  demon¬ 
strates  that  the  board  learned  its  les¬ 
son  from  going  the  celebrity  route. 

Hurd  may  not  have  made  it  onto  a 
lot  of  magazine  covers,  but  he  has 
proved  that  he  knows  how  to  turn  a 
faltering  company  around.  Consider 
this:  In  2002,  NCR  reported  a  net 
loss  of  $220  million;  in  2003,  Hurd 
took  the  CEO  reins  from  Nyberg; 
and  in  2004,  NCR  reported  a  net 
profit  of  $290  million. 

Hurd  also  has  three  years  as  head 
of  NCR’s  Teradata  data  warehousing 
division  under  his  belt  and  is  widely 
credited  with  its  current  success:  In 
January,  Teradata  reported  fourth- 
quarter  revenue  of  $420  million,  up 
14%  from  the  same  quarter  a  year  ear- 
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lier.  Those  are  the  sorts 
of  numbers  that  capture 
the  attention  of  compa¬ 
nies  that  are  on  the  prowl 
for  a  CEO.  And  I  have  a 
hunch  that  the  fact  that 
Hurd  had  Teradata  on  his 
resume  wasn’t  lost  on 
HP’s  prowling  board. 

HP  needed  a  CEO  who 
knows  the  software  busi¬ 
ness.  When  Fiorina  got 
the  boot,  I  argued  that 
her  successor  would 
need  to  mold  the  company  more  in 
the  image  of  IBM,  with  a  strong  con¬ 
sulting  business.  A  stronger  software 
business  is  a  prerequisite  for  that 
and  will  be  vital  to  HP’s  health.  So 
Hurd  clearly  has  a  mandate:  Give  HP 
a  software  future. 

It’s  difficult  to  imagine  that  future 
without  a  much  more  compelling 


Linux  vision  than  what  HP  has  now. 
And  if  I  were  Hurd,  I’d  focus  that  vi¬ 
sion  squarely  on  Novell. 

Novell’s  decision  two  years  ago 
to  adopt  Linux  as  its  NetWare  migra¬ 
tion  path  was  the  single  most  bril¬ 
liant  move  by  any  technology  vendor 
in  the  past  five  years.  Almost  over¬ 
night,  that  move,  encompassing  as 
it  did  the  acquisitions  of  SUSE  and 
Ximian,  rescued  Novell  from  a  pe¬ 
ripheral  existence  dependent  on  the 
stubbornness  of  an  aging  band  of 
NetWare  die-hards.  It  transformed 
the  company  into  one  of  the  most 
formidable  bastions  of  Linux  tech¬ 
nology  on  the  planet. 

But  nothing  is  forever,  and  with 
the  recent  exits  of  Vice  Chairman 
Chris  Stone  and  CTO  Alan  Nugent, 
Novell  lacks  the  leadership  it  needs 
to  fend  off  suitors.  HP  needs  to  grab 
Novell  soon,  because  if  it  doesn’t, 
IBM  just  might. 

Don’t  forget  that  Fiorina  lost  the 
consulting  unit  of  Pricewaterhouse- 
Coopers  to  IBM  in  2002.  Losing 
Novell  to  IBM  is  the  last  thing  HP 
needs  you  to  read  about  when  you 
Google  “Mark  Hurd.”  ©  53483 
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BRUCE  A.  STEWART 

The  Changes 
To  Come  in 
Five  Years 

UPON  HER  appoint¬ 
ment  in  2010  as  CIO 
and  chief  operating 
officer,  an  IT  manager  looks 
back  on  the  past  five  years  in 
the  field: 

It’s  hard  to  believe  how  much  has 
changed  in  IT  since  2005.  Why,  I  can 
hardly  recognize  the  place! 

It’s  hard  to  put  my  finger  on  exactly 
what  drove  all  the  change.  Was  it  the 
tightening  labor  market  for  legacy 
skills  that  finally  forced  us  to  act?  Was 
it  the  turmoil  of  vendor  after  vendor 
merging,  changing  forever  our  product 
mix?  Was  it  our  management  tools? 

Those  are  all  a  part  of  the  story,  but 
in  the  end,  I’d  have  to  borrow  a  phrase 
from  Sherlock  Holmes  and  say  that 
what  really  drove  the 
change  was  the  dog 
that  didn’t  bark. 

Since  2005,  there 
really  hasn’t  been 
that  much  change 
in  the  technology 
world.  Rather,  what’s 
changed  is  how  IT 
decisions  are  made. 

That  wave  of  re¬ 
tirements,  for  in¬ 
stance,  and  the  sub¬ 
sequent  dearth  of 
legacy  skills  finally 
forced  the  issue  of 
application  reinvest¬ 
ment.  It  was  a  tough 
fight  convincing  the 
business  side  that  the  shelf  life  of  soft¬ 
ware  isn’t  infinite.  But  as  we  showed 
how  our  portfolio  was  absorbing  more 
costs  with  no  more  return  —  and  as 
those  emergency  contractor  calls  to 
keep  things  moving  started  to  add  up 
—  the  point  was  driven  home. 

The  vendor  consolidation  helped 
too.  How  many  times  in  the  past  five 
years  have  we  had  to  deal  with  prod¬ 
ucts  we  liked  being  taken  over  by  com¬ 
panies  we  didn’t?  We  got  burned  a  few 
times  as  well  when  vendors  promised 
to  keep  our  products  going  and  then 
just  abandoned  development.  It  got  us 
thinking  about  how  to  protect  our¬ 
selves,  and  that  finally  opened  the 
door  for  an  architected  future  built 
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around  Web  services.  Now,  when  one 
of  our  vendors  is  taken  out  of  the 
game,  it’s  easier  to  shift  suppliers. 

And  some  of  those  liability  suits 
brought  against  the  software  suppliers 
helped  make  what  we  buy  work  better 
too.  Fortunately,  we  decided  to  learn 
how  to  do  sourcing  better  rather  than 
just  file  lawsuits  —  and  that’s  opened 
the  door  to  much  more  flexibility  in 
our  infrastructure. 

Now  that  we’re  more  services- 
driven,  we  couldn’t  keep  our  old  func¬ 
tional  application  teams.  They  just 
didn’t  make  sense  for  us  anymore.  So 
we  have  some  centers  of  excellence  to 
consolidate  key  skills,  some  services 
teams  and  some  enterprise  offices  (the 
program  office  is  really  helping  to  deal 
with  business  change,  and  the  business 
architecture  office  is  a  key  part  of  re¬ 
designing  the  company  as  a  whole). 
Our  relationship  managers  are  manag¬ 
ing  investment  flows  and  future  cost 
structures  for  whole  business  process¬ 
es  now. 

I  never  thought  I’d  have  legal  staff, 
consultants  and  so  many  external  man¬ 
agement  advisers  on  my  team,  but  we 
need  all  of  them,  especially  to  manage 
the  mix  of  services  we  buy  and  the  ser¬ 
vices  we’re  providing  both  to  the  com¬ 
pany  and  to  our  supply  chain  partners. 

I  was  approached  recently  to  change 
jobs.  But  not  even  a  million-dollar 
salary  could  get  me  to  go  back  and  run 
an  old-style  IT  organization  now.  Here, 
I  really  feel  as  though  I’m  running  a 
business  —  and  my  clients  think  so 
too.  It  was  a  tough  road,  but  here  in 
2010  I  think  we  finally  can  deliver  on 
the  promise  of  IT.  ©  53363 

MICHAEL  H.  HUGOS 

The  ‘Define, 
Design,  Build’ 
Approach 

NE  OF  THE  MOST  im¬ 
portant  and  complex 
things  an  IT  profes¬ 
sional  is  called  on  to  do  is  im¬ 
plement  new  systems.  This 
runs  the  gamut  from  rolling 

out  packaged  applications  to  creating 
custom  systems.  To  get  some  insight, 
let  me  draw  an  analogy  between  this 
and  another  activity  I  have  been 
deeply  involved  in  lately. 

My  wife  and  I  are  doing  a  major  re¬ 
modeling  job  on  our  house.  You  can 


call  us  the  “executive  spon¬ 
sors”  of  this  project.  It’s 
complicated,  so  we  hired  an 
architect.  We  also  hired 
contractors  to  do  the  con¬ 
struction  and  the  electrical 
and  plumbing  work.  We 
know  generally  what  we’d 
like,  but  the  architect  is  key 
to  making  it  a  reality.  His 
approach  is  to  clearly  de¬ 
fine  what  we  want,  design 
possible  solutions  and  then 
supervise  building  what  we 
choose.  He  doesn’t  tell  us 
what  to  do,  but  he  has  a  way 
of  influencing  our  deci¬ 
sions.  Whenever  we  jump 
to  conclusions,  we  make  de¬ 
cisions  that  cause  problems 
and  add  to  the  cost  later  on. 

Implementing  a  new  sys¬ 
tem  is  a  lot  like  building  or  remodeling 
a  house.  As  the  IT  guy,  I  play  the  role 
of  the  architect,  and  business  man¬ 
agers  are  the  homeowners.  I  encourage 
them  to  use  a  simple  approach,  and 
when  we  do,  we  are  successful.  When 
we  don’t,  I  usually  get  blamed  for 
things  going  wrong. 

In  any  systems  project,  there  are 
technology  issues  (over  which  I  have  a 
lot  of  control)  and  a  host  of  other  is¬ 


sues  that  fall  into  the  cate¬ 
gories  of  people  (meaning 
politics)  and  process 
(meaning  getting  people 
to  do  things  in  new  ways). 

I  have  no  control  there.  All 
I  can  do  is  exert  construc¬ 
tive  influence. 

Much  like  my  architect,  I 
use  a  basic  three-step  ap¬ 
proach  that  works  for  any 
system  implementation 
project.  In  the  first  step, 
called  “define,”  I  deal  with 
the  people  and  political  is¬ 
sues.  I  get  the  executive 
sponsors  to  state  clearly 
what  they  want  and  what 
the  performance  require¬ 
ments  are  that  the  system 
must  meet.  Then  we  agree 
on  a  conceptual  or  high- 
level  design  for  a  system  that  meets 
these  requirements.  I  estimate  what  it 
will  cost,  and  if  the  sponsors  decide 
that  the  benefits  of  the  system  still  out¬ 
weigh  the  costs,  then  the  project 
moves  on  to  the  next  step. 

That’s  “design,”  when  the  process  is¬ 
sues  are  worked  out.  Business  people 
who  will  use  the  system  work  with 
technical  people  who  will  build  it.  We 
figure  out  new  workflows  and  ways  to 


use  the  technology  to  meet  perfor¬ 
mance  requirements.  If  business  and 
technical  people  are  still  talking  to  one 
another  and  smiling  at  the  end  of  this 
step,  it  means  we  have  produced  a 
good  (or  good  enough)  design  that  will 
get  the  job  done. 

“Build”  is  the  biggest  and  most  ex¬ 
pensive  step  but  actually  the  least 
risky.  If  the  first  two  steps  were  done 
well,  I  have  the  most  control  here. 
Problems  will  arise,  but  they  will  be 
technical,  not  political  or  procedural. 
Technical  problems  have  technical  an¬ 
swers.  They  are  easy  compared  with 
political  and  procedural  problems. 

The  main  reason  why  people  hesi¬ 
tate  to  follow  this  approach  is  that  they 
think  it  will  become  too  time-consum¬ 
ing  or  bureaucratic.  I  respond  by 
showing  them  how  each  step  gets  work 
done  quickly  by  using  appropriate 
combinations  of  a  small  set  of  tech¬ 
niques.  I’ll  talk  about  those  techniques 
next  month.  And  I’ll  let  you  know  how 
my  house  remodeling  is  coming.  If  I 
follow  my  own  advice,  it  should  be 
doing  well.  ©  53370 
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Microsoft  Keeps  Using  FUD  Against  Linux 


THE  ARTICLE  “Microsoft  Tries 
New  Pitch  to  Curb  Linux  Use” 
[QuickLink  52567]  states  that  Mi¬ 
crosoft  is  attempting  to  sway  users 
away  from  Linux  by  spotlighting  the 
need  for  strong  intellectual-proper¬ 
ty  protection.  FUD,  FUD  and  more 
FUD;  it  is  what  Microsoft  does  best. 

The  first  thing  that  IT  managers 
and  CEOs  have  to  ask  is,  Where 
does  the  threat  lie?  From  SCO?  On 
the  surface,  yes.  But  anyone  has  to 
seriously  doubt  that  there  is  any 
substance  to  SCO’s  case  against 
IBM  at  all.  Although  Computerworld 
and  other  publications  character¬ 
ized  the  ruling  not  to  grant  summary 
judgment  as  a  win  for  SCO,  in  fact 
IBM  won  90%  of  the  motion  for 
summary  judgment.  If  it  were  not 
for  the  judge's  forbearance,  the 
case  would  be  over,  and  he  said 
as  much. 

So,  what  is  really  going  on  here? 
A  veiled  threat  from  Microsoft,  im¬ 
properly  wielding  its  market  domi¬ 
nance  once  again.  Steve  Ballmer 
tried  this  recently  in  Asia,  directing 


the  threat  toward  national  and  local 
government  entities.  The  next 
week,  Beijing  announced  that  the 
city  government  wouldn’t  renew  its 
Microsoft  license  and  would  switch 
to  Linux.  Microsoft  needs  more  of 
the  same.  Better  yet,  switch  to  Ap¬ 
ple.  Better  hardware,  better  operat¬ 
ing  system,  better  use  of  open- 
source  and  no  threat  of  litigation 
from  SCO  or  Microsoft. 

Daniel  Reiss 
President  and  CEO, 

Automated  Terminal 
Systems  Inc.,  Washington, 
atysusua@earthlink.  net 

Dude,  You  Got  H-1B 
Practices  Wrong 

IN  PAT  THIBODEAU’S  interview 
with  N.  Sivakumar,  the  author  of 
Dude,  Did  I  Steal  Your  Job?  [Quick- 
Link  52816],  Sivakumar  is  quoted 
as  saying,  "An  H-1B  worker  should 
not  replace  an  American  worker.  I 
totally  agree  with  that.  That’s  ethi¬ 


cally  wrong,  lawfully  wrong  -  it’s 
wrong  from  any  angle.  If  anyone 
is  doing  that,  they  should  be  pun¬ 
ished.”  To  which  I  offer  this  light¬ 
hearted  correction:  Dude,  you  got 
it  wrong. 

Many  of  us  would  strongly  agree 
with  his  argument  that  H-1B  work¬ 
ers  shouldn’t  replace  American 
workers.  However,  there  are  no  pro¬ 
visions  in  the  H-1B  sections  of  im¬ 
migration  regulations  that  require 
companies  to  first  hire  Americans 
or  that  would  prevent  companies 
from  displacing  American  workers. 
Companies  that  replaced  Ameri¬ 
cans  did  so  in  full  compliance  with 
the  law.  Unfortunately,  it  is  a  com¬ 
mon  misconception  that  American 
workers  are  somehow  protected 
from  this  practice. 

Nate  Viall 

President,  NVAA,  Des  Moines 

Try  for  Real  Variety 

IT’S  AMAZING  howthe  panel  of 
experts  gathered  for  Computer- 
world's  report  on  the  future  of  IT 
[“The  View(s)  Ahead,”  QuickLink 


52738],  defined  as  “a  diverse 
group,”  didn't  include  a  single  per¬ 
son  of  Asian,  Middle  Eastern  or 
African  descent,  nor  did  it  include 
a  woman. 

When  bringing  together  a  group 
of  “academics,  researchers,  ana¬ 
lysts  and  CIOs,”  Computerworld 
may  find  it  interesting  to  expand  its 
horizons  beyond  males  of  European 
descent.  And  its  readers  may  ap¬ 
preciate  the  intellectual  variety. 

SC  Karmanoff 
Principal,  KEMS, 

Royal  Oak,  Mich. 
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DB2.  ONLY  THE  PERFORMANCE  IS  HIGH. 

DB2  has  done  it  again.  According  to  a  Market  Magic  Study, 
DB2  costs  “on  average  22%  less  than  Oracle.”' 

The  Transaction  Processing  Performance  Council  results 
show  that  DB2  and  eServer”  p5-595  are  more  than  twice 
as  scalable  as  Oracle  Real  Application  Clusters,  making 
them  the  overwhelming  performance  and  scalability 
leader  for  TPC-C.2  And  an  ITG  study  showed  overall  costs 
for  Oracle  Database  up  to  four  times  higher  than  DB2.3 

No  wonder  DB2  is  regarded  as  the  leading  database  built 
on  and  optimized  for  Linux!  UNIX'  and  Windows!  Like 
other  IBM  database  engine  products  such  as  Informix' 
and  Cloudscape7  DB2  is  part  of  an  innovative  family  of 
information  management  products  that  integrates  and 
can  actually  add  insight  to  your  data. 


It  takes  full  advantage  of  your  existing  heterogeneous 
and  open  environments,  while  its  leading-edge 
autonomic  computing  technology  means  increased 
reliability,  increased  programmer  productivity  and 
decreased  deployment  and  management  costs. 

One  more  thing:  Oracle  desupported  Oracle  Database  8i 
last  year,  meaning  potential  headaches,  higher  cost  or 
a  complete  migration  to  current  versions  of  Oracle. 
Fortunately,  IBM  offers  ongoing,  around-the-clock  service 
and  support  for  DB2. 

Why  not  move  up  to  middleware  that  makes  sense?  Now  you 
can  get  IBM  DB2  Universal  Database  or  Informix  by  taking 
advantage  of  our  extremely  compelling  trade-up  program. 
Visit  ibm.com/db2/swap  today  to  find  out  if  you  qualify. 
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IBM,  the  IBM  logo,  DB2,  eServer,  Informix,  Cloudsoape  and  the  On  Demand  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and  other  countries,  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other 
countries.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
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QUICKSTUDY 

Biometric  Authentication 

A  look  at  the  technologies  that 
can  be  used  to  verify  a  user’s 
identity  by  means  of  a  physical 
trait  or  behavioral  characteristic 
that  can’t  easily  be  changed, 
such  as  a  fingerprint.  Page  26 


SECURITY  MANAGER’S  JOURNAL 

Downtime  Becomes 
Documentation  Time 

Mathias  Thurman  takes  advantage 
of  a  lull  in  the  usually  hectic  pace 
to  catch  up  on  some  important 
stuff  —  documenting  the  things 
that  were  done  earlier.  Page  28 


OPINION 

Joining  the  Federation 

Mark  Willoughby  says 
federation  may  a  trendy 
linguistic  reinvention,  but 
its  ramifications  for  identity 
and  networks  are  still 
important  to  IT.  Page  30 
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HEN  JIM  TARALA 
oversaw  the  re¬ 
building  of  his 


BY  ROBERT L 


MITCHELL 


firm’s  network  and  IT 
infrastructure  last  year,  he  never 
dreamed  he’d  throw  out  his  Fibre 
Channel  SAN  in  favor  of  IP-based 
networked  storage.  The  savings,  how¬ 
ever,  were  just  too  large  to  ignore. 

Tarala,  CIO  and  chief  technology 
officer  at  Schenck  Business  Solutions, 
a  500-partner  accounting  firm  in  Mil¬ 
waukee,  was  comfortable  with  his 
EMC  Clariion  storage  system,  but  it 
was  running  out  of  space.  Tarala  also 
wanted  to  eliminate  direct-attached 
storage  on  his  mySQL  and  Microsoft 
Exchange  Server  systems  in  favor  of 
networked  storage.  He  decided  to  re¬ 
place  the  entire  system  but  initially 
dismissed  the  idea  of  using  IP  stor¬ 
age-area  networks  (SAN)  —  systems 
that  use  the  iSCSI  protocol  to  allow 
servers  to  access  stored  data  over  an 
IP  network  —  rather  than  direct- 
attached  or  Fibre  Channel  arrays.  “I 
wasn’t  comfortable  with  the  overall 
architecture,”  Tarala  says. 

Then  he  discovered  that  replacing 
the  aging  FC700  with  a  1.5TB  system 
would  cost  more  than  $90,000,  while 
a  2.5TB  iSCSI-based  PS  Series  system 
from  EqualLogic  Inc.  in  Nashua, 
N.H.,  would  cost  just  $47,000. 
Schenck  gave  Fibre  Channel  the 
boot.  Tarala  now  has  three  PS 
Series  systems  with  more  than 
7TB  of  capacity  that  support  12 
servers. 

“I  spent  half  of  what  I  budget¬ 
ed,  doubled  my  capacity,  and  it 
performed  flawlessly,”  he  says. 


More  than  two  years  af¬ 
ter  the  iSCSI  protocol  was 
ratified  as  an  Internet  Engi¬ 
neering  Task  Force  standard,  early 
adopters  say  IP  SANs  are  not  only 
ready  for  production  deployments 
but  also  offer  an  alternative  to  Fibre 
Channel  for  low-end  and  midrange 
storage.  Performance  and  reliability 
of  iSCSI  arrays  have  improved,  and 
iSCSI  SANs  are  significantly  less  ex¬ 
pensive  to  set  up  and  manage  than 
Fibre  Channel  SANs,  users  say. 

The  high  costs  of  traditional  SANs 
have  restricted  the  technology  to 
mostly  first-  and  second-tier  data 
center  applications.  Now  storage  ad¬ 
ministrators  are  setting  their  sights 
on  iSCSI  as  an  alternative  for  some 
second-tier  applications. 

A  Second  Wave 

And  a  second  wave  of  storage  consol¬ 
idations  is  already  under  way:  Admin¬ 
istrators  are  replacing  direct-attached 
storage  used  in  departmental  servers 
with  local,  iSCSI  SANs.  Robert  Gray, 
an  analyst  at  IDC,  says  the  strongest 
growth  is  coming  from  large  compa¬ 
nies,  which  have  huge  numbers  of  de¬ 
partmental  servers  that  can  benefit 
from  consolidating  storage. 

Early  misgivings  about  iSCSI’s  ca¬ 
pabilities  have  faded.  Tarala  was  wary 
of  the  performance  and  reliability  of 
the  Serial  ATA  (SATA)  drives  used  in 
EqualLogic’s  system  but  says  the  new 
SAN’s  performance  has  been  compa¬ 
rable  to  the  system  he  retired. 

The  new  storage  system  is  also 
more  efficient  to  run.  Because  the 
SAN  is  IP-based,  Tarala’s  Windows 


As  the  technology  has  matured, 
IP-based  storage  arrays  have 
established  a  beachhead  as  the 
preferred  low-end  SAN  option. 
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server  administrators  can  manage  it. 

“You  don’t  have  to  wait  to  bring  in 
an  outside  technician  to  check  that  the 
[Clariion]  tuned  the  array,”  he  says. 

And  moving  from  direct-attached  to 
networked  storage  has  improved  staff 
productivity.  “Everything  boots  from 
the  SAN,  and  they  can  bring  up  a  new 
Windows  2003  server  in  20  minutes,” 
Tarala  says. 

Until  recently,  the  major  SAN  ven¬ 
dors  were  reluctant  to  release  iSCSI 
products,  citing  maturity  issues  and 
server  CPU  performance  bottlenecks 
that  might  arise  in  processing  traffic 
associated  with  iSCSI  and  the  chatty 
TCP/IP  protocol.  But  thanks  in  part  to 
faster  processors,  that  bottleneck  nev¬ 
er  materialized  for  Tier  2  applications. 

Smaller  Vendors  Lead 

Smaller  vendors,  such  as  EqualLogic, 
StoneFly  Networks  Inc.  in  San  Diego 
and  Intransa  Inc.  in  San  Jose,  have  tak¬ 
en  the  lead  in  offering  iSCSI  target 
storage,  while  larger  players  such  as 
EMC  Corp.  have  offered  iSCSI  ports  on 
Fibre  Channel  SANs  and  multiprotocol 
switches. 

But  native  iSCSI  storage  arrays  are 
less  expensive,  and  early  buyers  are 
deploying  them  to  support  e-mail  and 
database  servers,  backup  and  other  de¬ 
partmental  applications  that  don’t  re¬ 
quire  the  high  I/O  that  Fibre  Channel 
delivers  —  and  that  won’t  support  the 
cost  of  Fibre  Channel  SAN  switches 
and  host  adapters. 

Now  Tier  1  vendors  are  jumping  in. 
IBM,  which  withdrew  an  early  iSCSI 
array,  has  returned  to  the  market  with 
the  TotalStorage  DS300.  EMC  recently 
announced  new  Clariion  AX  and  CS 
Series  models  that  offer  native  iSCSI 
connectivity  to  Fibre  Channel,  parallel 
ATA  or  SATA  disk  arrays.  Every  major 
vendor  will  have  a  native  iSCSI  SAN 
offering  by  year’s  end,  says  Gray. 

That’s  important  to  users  such  as 
Robert  Stevenson,  a  technology  strate¬ 
gist  at  Nielsen  Media  Research  Inc.  in 
New  York.  “Initially,  we  were  very  cau¬ 
tious  about  moving  into  the  iSCSI 
space  [because]  the  larger  players 
were  dismissive  of  it,”  he  says.  But  like 
Tarala,  he  found  the  cost  and  manage¬ 
ability  benefits  outweighed  his  initial 
concerns. 

Stevenson  started  last  year  with  an 
IP5000  iSCSI  target  array  from  Intran¬ 
sa  to  support  a  virtual  tape  library  ap¬ 
plication,  then  he  added  another  unit 
to  house  small  Sybase  Inc.  databases 
that  sit  behind  Nielsen’s  TV  ratings 
system  applications. 

A  third  IP  SAN  from  EqualLogic  is 
in  the  lab  as  part  of  a  project  to  host  a 
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larger  data  warehouse.  At  about  $3  per 
gigabyte,  storage  on  the  Intransa  sys¬ 
tem  is  “very  economically  compelling,” 
Stevenson  says. 

With  more  than  10TB  on  iSCSI- 
based  storage,  Stevenson’s  biggest 
concern  now  is  rolling  administration 
of  those  systems  into  the  storage  re¬ 
source  management  tools  that  control 
the  rest  of  his  1.2  petabytes  of  net¬ 
worked  storage.  Unfortunately,  his  cur¬ 
rent  tools  don’t  fully  support  iSCSI. 

Management  of  iSCSI  SAN  systems 
has  trailed  behind  hardware  and  infra¬ 
structure  development,  and  standards 
like  the  Storage  Networking  Industry 
Association’s  (SNIA)  Storage  Manage¬ 
ment  Interface  Specification  have  yet 
to  catch  up. 

Support  for  mixed  environments  like 
the  one  Stevenson  is  considering  are 


an  even  bigger  challenge.  “How  do  I 
manage  an  end-to-end  environment 
when  the  iSCSI  host  may  be  several 
hops  away  on  a  Gigabit  Ethernet 
switch  or  IP  router  and  the  proxy  Fibre 
Channel  target  is  on  the  other  side  of  a 
multiswitch  SAN?”  he  says. 

But  those  concerns  aren’t  stopping 
users  from  creating  stand-alone  IP 
SANs  to  target  specific  applications. 
For  example,  Siemens  Corporate  Re¬ 
search  Inc.  in  Princeton,  N.J.,  added  an 
iSCSI  interface  to  its  Network  Appli¬ 
ance  Inc.  filer  to  back  up  its  IBM  Ra¬ 
tional  ClearCase  change  management 
software.  ClearCase  wanted  to  issue 
block-writes  to  direct-attached  disks; 
an  iSCSI  interface  allowed  the  storage 
to  be  migrated  to  the  filer,  where  it 
could  be  backed  up  using  NetApp’s 
Snapshot  technology. 


“The  entire  [800GB]  backup  takes 
less  than  two  minutes,”  says  Ramesh 
Viswanathan,  director  of  computer  and 
network  administration.  Adding  iSCSI 
support  required  a  simple,  free  down¬ 
load  from  NetApp.  “We  didn’t  have  to 
invest  in  new  hardware,”  he  says. 

Bruce  Waslie  says  moving  a  SQL 
Server  database  on  an  IP  SAN  can  re¬ 
duce  administrator  headaches.  Last 
summer,  a  rapidly  growing  SQL  data¬ 
base  that  served  an  imaging  applica¬ 
tion  hit  90%  of  capacity,  says  Waslie, 
senior  systems  engineer  at  Koch  Logis¬ 
tics,  a  transportation  and  distribution 
services  provider  in  St.  Paul,  Minn.  Ex¬ 
panding  the  direct-attached  arrays  was 
sometimes  problematic  and  required 
taking  the  system  down  after  hours. 

Waslie  moved  the  data  onto  three 
iSCSI-based  Network  Storage  Module 
150  appliances  from  LeftHand  Net¬ 
works  Inc.  in  Boulder,  Colo.  “The  last 
time  I  had  to  expand  [storage],  I  did  it 
in  minutes  —  and  I  didn’t  have  to  come 
in  on  a  Sunday,”  he  says. 

Still,  experienced  users  have  other 
reservations  about  IP-based  storage  — 
especially  with  regard  to  the  IP  net¬ 
work.  Waslie  isolated  his  IP  SAN  traf¬ 
fic  on  a  physically  separate  network 
for  security  and  to  allow  for  out-of- 
band  management. 

Stevenson  says  project  planners 
should  make  sure  sufficient  bandwidth 
is  available  on  the  existing  network  be¬ 
fore  adding  iSCSI  traffic.  And  adding 
IP  SAN  devices,  which  require  static 
IP  addresses,  also  increases  complexi¬ 
ty.  “These  static  IP  connection  points 
make  it  very  different  to  upgrade  the 
storage  frames  in  a  heterogeneous  en¬ 
vironment,”  he  says. 

While  iSCSI  is  gaining  ground  for 
backups  and  second-tier  applications, 
Stevenson  already  envisions  using  IP 
SANs  for  a  more  mission-critical  appli¬ 
cation  at  Nielsen.  His  group  wants  to 
create  a  copy  of  a  40TB  data  ware¬ 
house  for  the  development  team,  but 
without  spending  $4  million  on  a  Fibre 
Channel  SAN.  “You  can  get  cheap 
blade  servers  and  get  iSCSI  to  them 
and  put  it  on  SATA  [disk  arrays],  and 
you’ve  got  low  cost,”  he  says. 

As  Nielsen  eventually  migrates  to 
10  Gigabit  Ethernet,  Stevenson  expects 
IP  SANs  to  move  still  higher  into  his 
tiered  storage  architecture.  Even  today, 
he  says,  “it  tends  to  perform  at  a  higher 
tier  than  you  would  think.”  ©  53298 


MICROSOFT'S  ROLE 

To  learn  more  about  how  Microsoft  has  supported 
adoption  of  IP  SANs,  visit  our  Web  site: 

QuickLink  53418 
www.computerworld.com 


IP  SAN  SPECS  AND  STANDARDS 


iSNS:  The  Internet  Storage  Name  Service, 
currently  an  IETF  draft  standard,  provides 
for  both  automated  discovery  and  authenti¬ 
cation  support  for  iSCSI  devices.  The  stan¬ 
dard  is  expected  to  be  finalized  this  year. 

SMI-S:  The  Storage  Management  Inter¬ 
face  Specification  is  a  SNIA  ini¬ 


tiative  to  develop  a  common 
management  interface  for  stor¬ 
age  networks.  SNIA’s  work  is  being  stan¬ 
dardized  through  the  InterNational  Com¬ 
mittee  for  Information  Technology  Stan¬ 
dards.  Support  for  iSCSI  within  the  SMI-S 
specification  is  still  evolving. 

MPI0:  Microsoft  Corp.'s  multipath  1/0 
technology  enables  multipathing  for  Win- 


ATAGLANCE 


dows  hosts  attached  to  iSCSI  or  Fibre 
Channel  SANs.  MPI0  can  be  used  to  facili¬ 
tate  fail-over  or  load  balancing.  A  new  fea¬ 
ture  in  Version  2  of  Microsoft’s  iSCSI  initia¬ 
tor  for  Windows,  MPI0  is  likely  to  become 
the  de  facto  standard  for  providing  multiple 
communication  paths  between  Windows 
hosts  and  IP  SANs. 


VDS:  Virtual  Disk  Services  is 


Microsoft's  tool  for  managing  heteroge¬ 
neous  storage  systems  for  Windows  sys¬ 
tems.  The  current  version  supports  only 
Fibre  Channel,  but  VDS  1.1  will  also  support 
iSCSI.  It  will  be  released  in  mid-2005,  six 
weeks  after  Service  Packl  for  Windows 
Server  2003  ships,  says  Microsoft. 

-  Robert  L  Mitchell 


SPae  -fz  lapSeS  /a)  toefttitrk  5ea>ri A, 

S5htep  I  tic.  J?ecaw£  (SaSij  pic/cinyS 

fi>r  undeSt  rabies. 


NETWORK  SECURITY 
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WOLVES  PROWL  OUTSIDE  -  OR  WORSE,  INSIDE  -  YOUR  NETWORK. 
NEED  PROOF?  CONSIDER: 

Malicious  code  attacks  on  company  networks  to  steal  confidential  information 
has  risen  nearly  50%. 

77%  of  companies  cited  employees  as  a  likely  source  of  hacking. 

93%  of  companies  who  lose  data  center  access  for  10  days  file  bankruptcy  within 
a  year.  Half  file  immediately. 

A  network  breach  compromising  corporate  data  costs  on  average  $475,000 
in  losses  and  recovery. 


YOU’RE  IN  A  RACE  YOU  CANT  WIN  AGAINST  AN  INTRUDER  YOU  WON’T  DETECT. 
UNLESS  YOU  JUNIPER  YOUR  NET,  NOW. 


►  UNRIVALED,  INTRINSIC  NETWORK  SAFETY.  ONLY  FROM  JUNIPER. 

A  Juniper  network  is  simply  more  secure.  Why?  Security  is  inherent  in  our  exclusive 
operating  system:  Clean  code  =  unparalleled,  impenetrable  security. 

►  SECURE,  ASSURED  NETWORKING.  ONLY  FROM  JUNIPER. 

No  restraints:  The  network  works  for  you,  not  vice  versa.  No  compromises:  It’s 
unprecedented  application  layer  intelligence  -  your  network  understands  who 
you  are  and  what  you  are  doing,  second-by-second,  end-to-end.  No  kidding:  That’s 
Juniper’s  Secure  &  Assured  Networking.  Security,  with  assured  performance,  means 
a  network  tailored  to  you  -  exactly  -  for  unfaltering  control.  Just  because  users  have 
access  doesn’t  mean  they  should  have  the  run  of  all  resources.  Juniper’s  deep 
inspection  firewalls,  Intrusion  Detection  and  Prevention  and  application-aware  remote 
access  SSL  VPNs  deliver  application-level  security  -  for  application-specific  quality, 
network  wide.  It’s  a  purpose-built  platform  ever-monitoring  critical  apps,  data  and 
intellectual  property. 

Juniper  architecture  is  wholly  interoperable  with  the  world’s  largest  networks  and 
totally  uncompromised  by  connections  to  legacy  equipment.  Another  reason  Juniper 
means  lower  TCO. 

►  ENTERPRISING,  ENTERPRISE-PROVEN  SOLUTIONS?  ONLY  TRUST  JUNIPER. 

Juniper’s  carrier-class  performance,  intelligence  and  security  -  once  available  only  to 
service  providers  -  is  here  for  your  enterprise.  That’s  why  we’re  the  brand  of  network 
security  chosen  by  many  of  the  governmental  agencies  and  financial  titans  who  underpin 
our  nation’s  strength  and  stability.  And  why  you  can  embrace  the  multiple  applications, 
platforms  and  configurations  your  ever-changing  network  throws  at  you. 

Rest  easy  knowing  Juniper  products  -  and  our  sophisticated  security  -  mean  incredible 
scalability,  while  still  providing  superior  speed,  reliability  and  performance. 

►  WHAT  YOU  CAN  DO  NOW:  ONLY  CALL  JUNIPER.  / 

For  more  information  -  including  innovative,  ' 
insightful  case  studies  and  white  papers  -  go  to: 

http://www.juniper.net/solutions/literature/ 
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888-JUNIPER  (888-586-4737) 
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Continental  Airlines  pushed 
the  envelope  when  it  moved 
its  automated  ticket-reissue 
application  to  an  open-source 
software  stack  that  included 
a  64-bit  MySQL  database 
server.  By  Carol  Sliwa 


CONTINENTAL  AIRLINES  INC.  encountered  a  bit  of 
turbulence  last  year  when  it  decided  to  shift  the 
ticket-reissue  application  it  had  built  for  Unix-based 
servers  to  a  full  open-source  software  stack  with  a 
64-bit  database  server. 

There  were  no  64-bit  editions  of  some  of  the  key 
drivers  and  software  products  that  the  Houston- 
based  airline  needed  for  the  application.  So  develop¬ 
ers  had  to  trek  to  Hewlett-Packard  Co.’s  service  cen¬ 
ter  to  test  and  certify  the  drivers  to  run  in  32-bit 
native  mode  on  the  64-bit  HP  Linux  systems. 

Continental  had  to  launch  the  application  in  Sep¬ 
tember  with  the  MySQL  database  servers  in  32-bit 
mode  and  wait  about  five  months  for  the  64-bit  edi¬ 
tion  of  HP’s  Serviceguard  for  Linux,  which  would  pro¬ 
vide  the  high  availability  it  wanted.  Within  the  next 
three  weeks,  the  company  expects  to  move  its  clus¬ 
tered  64-bit  database  servers  from  the  lab  to  produc¬ 
tion,  says  Michael  McDonald,  director  of  technology. 

Even  before  that  happens,  the  application  has  been 
paying  dividends  on  the  open-source  stack.  A  ticket¬ 
reissuing  process  that  once  took  highly  experienced 
agents  an  average  of  20  minutes  to  complete  can  now 
be  performed  by  customers  visiting  Continental’s  Web 
site.  Later  this  year,  customers  will  be  able  to  access 
the  application  through  self-service  airport  kiosks. 

Moving  from  an  ad  hoc  manual  process  to  the 
Unix-based  application  running  on  450-MHz  HP 
NonStop  servers  initially  cut  the  average  transaction 
time  to  15  seconds.  Switching  last  September  to 
faster  Opteron-based  HP  servers  for  the  database 
and  Xeon-based  boxes  for  the  application  and  Web 
servers,  all  running  on  Linux,  sliced  the  time  to  two 
seconds,  according  to  McDonald. 

Although  the  airline’s  approach  may  not  be  entire¬ 
ly  unique,  it’s  hardly  commonplace  among  well- 
established  corporations.  In  an  IDC  poll  of  Linux 
users  released  last  July,  just  27%  of  the  respondents 
said  they  run  databases  on  Linux.  And  with  Conti¬ 
nental,  it’s  not  only  a  database  but  also  will  be  a 
64-bit  MySQL  database  running  on  Linux. 

“They’re  leading-edge.  You’re  not  even  talking 
about  hundreds  of  companies  that  are  using  64-bit 
MySQL,”  says  Gartner  Inc.  analyst  Donald  Feinberg. 

In  comparison,  the  Apache  Web  server  and  JBoss 
application  server  that  Continental  selected  are  far 
more  popular  choices.  Meta  Group  Inc.  analyst 
Thomas  Murphy  says  many  of  his  clients  are  decid¬ 
ing  they  don’t  need  or  want  all  of  the  J2EE  technolo¬ 
gy  and  are  opting  for  open-source  stacks  that  are 
faster  to  develop  on  and  to  deploy. 

But  the  use  of  a  full  open-source  stack  tends  to  be 
less  prevalent  in  corporate  IT  development  shops,  ac¬ 
cording  to  Daryl  Plummer,  a  Gartner  analyst.  “There 
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are  a  lot  more  successes  for  people  who  have  adopt¬ 
ed  parts  of  the  open-source  stack,”  he  says.  “It’s  usu¬ 
ally  more  for  fringe  or  Web  applications,  but  it’s  mov¬ 
ing  more  and  more  toward  the  critical  ones  every  day.” 

Becoming  Mission-Critical 

Continental’s  ticket-reissue  application  didn’t  start 
out  as  mission-critical.  After  all,  it  didn’t  even  exist 
when  the  development  team  started  the  project. 

But  the  application  now  provides  an  audit  trail  for 
$400,000  in  ticket  reissues  per  day,  according  to 
Michael  Natale,  the  airline’s  chief  technology  officer. 

Natale  says  the  application  also  gives  customers  a 
consistent  price,  whether  they  use  it  through  the 
Web  site  or  call  an  agent  who  accesses  a  custom  ver¬ 
sion  of  the  application  through  a  PC. 

If  Continental  had  taken  the  traditional  approach, 
it  would  have  developed  the  application  for  its  main¬ 
frame-class  IBM  Transaction  Processing  Facility 
(TPF)  system  using  assembler  code  and  made  the 
application  available  only  to  agents  using  green- 
screen  terminals.  Instead,  the  project  team  wrote  the 
application  using  Java  technology,  knowing  that  it 
would  work  well  with  the  company’s  Unix  platform 
and  afford  more  options  at  the  presentation  layer. 

The  developers  initially  wrote  the  application  for 
the  built-in  software  stack  of  HP  NonStop  servers  but 
soon  found  that  the  package  was  “overkill”  for  their 
needs,  Natale  says.  “The  total  cost  of  ownership  didn’t 
warrant  keeping  it  on  that  [proprietary]  platform 
when  the  same  availability  and  uptime  were  available 
with  open-source  technologies,”  he  says.  “We’re  an 
airline  in  an  industry  with  tough,  lean  times  right  now, 
so  we’re  trying  to  do  things  as  efficiently  as  possible.” 

Continental’s  developers  had  also  found  the  450- 
MHz  processors  to  be  “a  handicap”  for  running  the 
Java  code,  says  McDonald.  “Java  relies  on  the  speed 
of  the  processors  to  execute  the  code  base,”  he  says. 
“The  faster  the  processor,  obviously,  the  faster  your 
code’s  going  to  execute.” 

Swapping  out  the  proprietary  database,  application 
and  Web  servers  for  open-source  alternatives  running 
on  Linux  went  smoothly.  And  with  support  from  HP 
and  Red  Hat  Inc.,  McDonald  didn’t  view  the  Linux 
decision  as  particularly  risky.  He  says  he  had  already 
witnessed  continuous  uptime  of  as  long  as  300  days 
while  running  Linux  on  development  machines. 

“The  platform  is  mature  enough  now  for  enter¬ 
prise  applications,”  Natale  says. 

Continental  now  runs  10  dual-processor  HP  blade 


Continental 

DOWN  TO  THE  HARDWARE 

- PRESENTATION  LAYER - 

JavaServer  Pages  produced  by  the  JBoss  application 
server  are  delivered  to  the  Web  servers,  which  display  the 
information  to  end  users  in  HTML.  JSP  also  deliver  content 
to  agents’ terminals  via  the  Airline  Link  Control  protocol. 

- -  MIDDLE  TIER - 

Software:  JBoss  application  servers  running  on 
Red  Hat  Linux. 

Hardware:  10  dual-processor  HP  blade  servers  with 
2.8-QHz  Intel  Xeon  processors. 

— -  BACKEND  - 

Software:  MySQL  database  servers  running  on  Red  Hat 
Linux;  HP’s  Serviceguard  for  Linux  cluster  kit. 

Hardware:  Three  quad-processor  HP  ProLiant  DL585 
serveis  with  2.2-GHz  Opteron  processors  from 
Advanced  Micro  Devices  Inc. 

'  o rage  HP  StorageWorks  Enterprise  Virtual  Array  3000. 
“A  large  portion  of  our  o[ lerational  database  is  loaded  into 
memory."  says  Michael  McDonald,  director  of  technology. 
"Weseldom  have  to  go  back  and  read  and  write  to  the  SAN." 


servers  for  the  application  and  Web  servers,  and  a 
hardware  device  load-balances  them.  Running  on  the 
cheaper  commodity  blades  allows  the  company  more 
flexibility  to  expand  its  server  farm  if  transaction 
volume  starts  to  spike.  The  IT  department  merely 
needs  to  plug  in  a  server  and  run  a  script  to  install 
Linux,  JBoss,  Apache  and  the  application.  “It’s  ready 
to  go  in  under  four  minutes,”  says  McDonald. 

For  the  database  servers,  Continental  needed  more- 
powerful  boxes  and  opted  for  three  quad-processor 
HP  ProLiant  servers,  with  the  vendor’s  Serviceguard 
for  Linux  for  high  availability.  “We  assume  that 
whenever  the  application  server’s  available  that  the 
database  should  always  be  there,”  McDonald  says. 

Continental  uses  the  database  for  persistence, 
through  objects  stored  in  the  server.  When  a  client 
makes  a  request,  business  logic  at  the  application 
server  level  takes  over  and  calls  the  database.  The 
database,  in  turn,  makes  an  average  of  20  calls  to  the 
TPF  system  to  retrieve  the  information. 

A  price  is  formulated  and  displayed  to  the  cus¬ 


AUTOMATED  TICKET-REISSUE  ARCHITECTURE 


tomer.  No  additional  processing  is  needed,  regardless 
of  whether  the  customer  accepts  or  rejects  the  price, 
since  Continental  simply  reads  the  state  of  the  object 
from  the  database,  McDonald  notes.  Changes  are 
then  committed  to  the  TPF  system,  and  the  ticket  is 
reissued.  Or,  if  the  customer  has  rejected  the  price, 
notations  are  made  in  the  TPF  records. 

Plans  call  for  the  next  iteration  of  the  application 
to  be  able  to  calculate  refunds.  Developers  will  mere¬ 
ly  extend  the  current  application  architecture  to  do 
so,  McDonald  says. 

By  then,  Continental  hopes  to  have  resolved  a 
prickly  issue  over  pricing  with  Electronic  Data  Sys¬ 
tems  Corp.,  which  manages  its  data  centers.  EDS 
wants  to  view  the  quad-processor  database  servers 
as  midrange  boxes,  and  Continental  thinks  they 
should  be  viewed  more  like  Windows  servers  on 
commodity  hardware. 

“The  more  Linux  systems  that  you  get  into  your 
data  center,  the  less  it  costs  per  server  to  maintain,” 
McDonald  says.  “Once  you  pass  a  certain  point,  the 
cost  per  server  goes  down  tremendously.  So  it’s  just  a 
matter  of  time  before  you  get  enough  servers  in  the 
data  center  to  make  it  economically  feasible.” 

Finding  More  Uses  for  Linux 

But  the  pricing  debate  isn’t  stopping  Continental 
from  expanding  its  Linux  environment.  A  “flight 
farming”  project  running  on  open-source  software 
polls  the  ticket  database  to  pull  out  duplicate  passen¬ 
ger-name  records,  Natale  says. 

Continental  and  EDS  are  also  in  the  process  of  par¬ 
titioning  the  TPF  mainframe  and  moving  some  sub¬ 
systems  to  a  distributed  environment  of  cheaper  com¬ 
modity  Linux  servers,  McDonald  says.  The  subsys¬ 
tems  include  pricing,  scheduling  and  seat  inventory. 

“The  TPF  systems  have  been  taxed  out  so  much  in 
the  last  few  years  that  we’re  running  out  of  capacity 
on  some  of  those  mainframes,”  McDonald  says.  “You 
have  to  move  some  of  that  off  [the  mainframe],  or  at 
least  distribute  it.” 

Continental  is  following  the  lead  of  companies  such 
as  Sabre  Holdings  Corp.  and  Cendant  Corp.,  which 
have  already  moved  some  processing  off  their  main¬ 
frames.  With  so  many  customers  shopping  for  the 
best  fares  on  Web  sites,  travel  providers  are  looking 
for  more  cost-effective  ways  to  provide  those  services. 

“It’s  free  for  people  sitting  in  their  living  rooms  to 
click  around,”  McDonald  says,  “but  somebody  has  to 
pay  the  price  for  those  transactions  —  and  it’s  us.” 

Money-generating  transactions,  such  as  booking 
and  ticketing,  remain  on  Continental’s  tried-and-true 
mainframes. 

Even  though  the  more  stable  2.6  Linux  kernel  is 
now  supported  by  the  most  popular  commercial  Lin¬ 
ux  distributions  from  Red  Hat  and  Novell  Inc.,  many 
companies  remain  cautious  about  migrating  impor¬ 
tant  systems  to  the  open-source  operating  system. 

Gary  Hein,  an  analyst  at  Burton  Group,  says  clients 
tell  him,  “What’s  the  motivation  for  me  to  put  my 
neck  on  the  line,  when  Oracle  on  Solaris  is  the  core 
of  my  business  and  it  functions  just  perfectly?”  But 
he  also  finds  that  once  users  have  a  good  experience, 
they’re  more  inclined  to  take  the  plunge  again. 

“Success  breeds  success,”  Hein  says.  “They’re  hesi 
tant  to  do  the  first  one.  But  after  they  do,  they  say, 
Wow.  That’s  hard  not  to  do.’  ”  ©  53189 
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DEFINITION 

Biometric  authentication  is  the 

verification  of  a  user’s  identity 
by  means  of  a  physical  trait  or 
behavioral  characteristic  that 
can’t  easily  be  changed,  such 
as  a  fingerprint. 


BY  RUSSELL  KAY 

IN  THIS  COMPUTER- 

driven  era,  identity  theft 
and  the  loss  or  disclo¬ 
sure  of  data  and  related 
intellectual  property  are 
growing  problems.  We  each 
have  multiple  accounts  and 
use  multiple  passwords  on  an 
ever-increasing  number  of 
computers  and  Web  sites. 
Maintaining  and  managing  ac¬ 
cess  while  protecting  both  the 
user’s  identity  and  the  com¬ 
puter’s  data  and  systems  has 

become  increasingly  _ 

difficult.  Central  to  all 
security  is  the  concept 
of  authentication  — 
verifying  that  the  user 

is  who  he  claims  to  be.  _ 

We  can  authenti¬ 
cate  an  identity  in  three  ways: 
by  something  the  user  knows 
(such  as  a  password  or  per¬ 
sonal  identification  number), 
something  the  user  has  (a  se¬ 
curity  token  or  smart  card)  or 
something  the  user  is  (a  physi¬ 
cal  characteristic,  such  as  a 
fingerprint,  called  a  biomet¬ 
ric).  (For  more  on  authentica¬ 
tion,  go  to  QuickLink  a5630.) 

All  three  authentication 
mechanisms  have  drawbacks, 
so  security  experts  routinely 
recommend  using  two  sepa¬ 
rate  mechanisms,  a  process 
called  two-factor  authentica¬ 
tion.  But  implementing  two- 
factor  authentication  requires 
expensive  hardware  and  infra¬ 


» 


structure  changes.  Therefore, 
security  has  most  often  been 
left  to  just  a  single  authentica¬ 
tion  method. 

Passwords  are  cheap,  but 
most  implementations  offer 
little  real  security.  Managing 
multiple  passwords  for  differ¬ 
ent  systems  is  a  nightmare,  re¬ 
quiring  users  to  maintain  lists 
of  passwords  and  systems  that 
are  inevitably  written  down 
because  they  can’t  remember 
them.  The  short  answer, 
talked  about  for  decades  but 

_  rarely  achieved  in 

practice,  is  the  idea 
of  single  sign-on. 
[QuickLink  a5640]. 
Using  security  to- 
_  kens  or  smart  cards  re¬ 
quires  more  expense, 
more  infrastructure  support 
and  specialized  hardware.  Still, 
these  used  to  be  a  lot  cheaper 
than  biometric  devices  and, 
when  used  with  a  PIN  or  pass¬ 
word,  offer  acceptable  levels 
of  security,  if  not  always  con¬ 
venience. 

Biometric  authentication 
has  been  widely  regarded  as 
the  most  foolproof  —  or  at 
least  the  hardest  to  forge  or 
spoof.  Since  the  early  1980s, 
systems  of  identification  and 
authentication  based  on  physi¬ 
cal  characteristics  have  been 
available  to  enterprise  IT. 
These  biometric  systems  were 
slow,  intrusive  and  expensive, 
but  because  they  were  mainly 


used  for  guarding  mainframe 
access  or  restricting  physical 
entry  to  relatively  few  users, 
they  proved  workable  in  some 
high-security  situations. 
Twenty  years  later,  computers 
are  much  faster  and  cheaper 
than  ever.  This,  plus  new,  in¬ 
expensive  hardware,  has  re¬ 
newed  interest  in  biometrics. 

Types  of  Biometrics 

A  number  of  biometric  meth¬ 
ods  have  been  introduced  over 
the  years,  but  few  have  gained 
wide  acceptance. 

Signature  dynamics.  Based  on 
an  individual’s  signature,  but 
considered  unforgeable  be¬ 
cause  what  is  recorded  isn’t 
the  final  image  but  how  it  is 


produced  —  i.e.,  differences  in 
pressure  and  writing  speed  at 
various  points  in  the  signature. 

Typing  patterns.  Similar  to 
signature  dynamics  but  ex¬ 
tended  to  the  keyboard,  recog¬ 
nizing  not  just  a  password  that 
is  typed  in  but  the  intervals 
between  characters  and  the 
overall  speeds  and  pattern. 
This  is  akin  to  the  way  World 
War  II  intelligence  analysts 
could  recognize  a  specific 
covert  agent’s  radio  transmis¬ 
sions  by  his  “hand”  —  the  way 
he  used  the  telegraph  key. 

Eye  scans.  This  favorite  of 
spy  movies  and  novels  pre¬ 
sents  its  own  problems.  The 
hardware  is  expensive  and 
specialized,  and  using  it  is 
slow  and  inconvenient  and 
may  make  users  uneasy. 

In  fact,  two  parts  of  the  eye 
can  be  scanned,  using  differ¬ 
ent  technologies:  the  retina 
and  the  iris. 

Fingerprint  recognition.  Every¬ 
one  knows  fingerprints  are 
unique.  They  are  also  readily 
accessible  and  require  little 
physical  space  either  for  the 


POPULAR,  BUT  NOT  FOOLPROOF 


FOR  ALL  THE  SECURITY  that 
biometric  authentication  appears 
to  offer  at  first  glance,  it’s  not 
foolproof.  For  example,  finger¬ 
print  readers  can  be  fooled  more 
easily  than  one  might  imagine. 
Japanese  cryptographer  Tsutomu 
Matsumoto  at  Yokohama  Nation¬ 
al  University  found  that  by  mak¬ 
ing  molds  out  of  gelatin  (the  stuff 
of  Gummi  Bears)  he  could  repro¬ 
duce  a  fingerprint  that  would  fool 
80%  of  commercial  readers. 
Worse,  fingerprints  on  surfaces 
could  be  photographed,  en¬ 
hanced  and  etched  onto  circuit- 
board  material,  from  which  a 
gelatin  mold  could  then  be  made; 


these  also  worked  about  80% 
of  the  time. 

There's  one  other  problem 
with  fingerprints  and,  indeed, 
most  biometric  authentication 
techniques:  If  a  registered  finger¬ 
print  (or  eyeball,  or  whatever)  is 
compromised  -  if  someone  suc¬ 
ceeds  in  forging  or  spoofing  it  - 
you  can’t  just  change  it  like  you 
would  a  password.  You  could  use 
another  finger,  or  your  other  eye, 
but  there  are  clearly  limits  as  to 
how  many  options  you  have. 

This  makes  the  case  for  two-  or 
three-factor  authentication  even 
stronger. 

-Russell  Kay 


reading  hardware  or  the 
stored  data. 

Hand  or  palm  geometry.  We’re 
used  to  fingerprints  but  sel¬ 
dom  think  of  an  entire  hand  as 
an  individual  identifier.  This 
method  relies  on  devices  that 
measure  the  length  and  angles 
of  individual  fingers.  Although 
more  user-friendly  than  retinal 
scans,  it’s  still  cumbersome. 

Voice  recognition.  This  is  dif¬ 
ferent  from  speech  recogni¬ 
tion.  The  idea  is  to  verify  the 
individual  speaker  against  a 
stored  voice  pattern,  not  to 
understand  what  is  being  said. 

Facial  recognition.  Uses  dis¬ 
tinctive  facial  features,  includ¬ 
ing  upper  outlines  of  eye  sock¬ 
ets,  areas  around  cheekbones, 
the  sides  of  the  mouth  and  the 
location  of  the  nose  and  eyes. 
Most  technologies  avoid  areas 
of  the  face  near  the  hairline  so 
that  hairstyle  changes  won’t 
affect  recognition. 

The  Current  Leader 

Because  of  its  convenience 
and  ease  of  use,  fingerprint 
authentication  is  becoming 
the  biometric  technology  of 
widest  choice.  A  growing 
number  of  notebook  PCs  and 
computer  peripherals  are 
coming  to  market  with  built-in 
fingerprint  readers.  Scores  of 
products  are  available,  includ¬ 
ing  keyboards,  mice,  external 
hard  drives,  USB  flash  drives 
and  readers  built  into  PC  card 
and  USB  plug-in  devices.  Most 
of  these  units  are  relatively  in¬ 
expensive. 

These  devices  allow  the 
user  to  maintain  encrypted 
passwords  that  don’t  need  to 
be  remembered  but  instead 
are  invoked  after  the  user  puts 
his  finger  on  the  reader.  This 
can  also  be  used  with  a  sepa¬ 
rate  PIN  or  password  to  offer 
true  two-factor  authentication. 
©  53319 


Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester, 
Mass.  Contact  him  at  russkay@ 
charter.net. 
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Downtime  Becomes 
Documentation  Time 


Our  security  manager  takes  advantage  of  a 
lull  in  the  usual  hectic  pace  to  catch  up  on 
some  important  stuff.  By  Mathias  Thurman 


he  past  week  wasn’t 
extremely  insane  for  a 
change,  so  I  focused 
on  completing  some 
much-needed  documentation 
and  organization  of  some  of 
our  recent  activities.  The  first 
area  I  tackled  was  the  ongoing 
and  tiresome  Sarbanes-Oxley 
project. 

At  this  point  in  this  seem¬ 
ingly  never-ending  initiative, 
all  of  the  IT  security  controls 
have  been  identified,  tested, 
remediated  and,  most 
importantly,  automat¬ 
ed  and  made  repeat- 
able.  Those  last  two 
items  are  key,  since 
having  automated 
and  repeatable  proc¬ 
esses  will  save  us 
time  when  we  have  to  demon¬ 
strate  compliance  with  Sar¬ 
banes-Oxley  Act  mandates 
again.  In  addition,  having  au¬ 
tomated  and  repeatable  proc¬ 
esses  will  help  with  any  other 
audits  or  attestations  that  we 
may  be  responsible  for,  since 
other  regulations  will  most 
likely  encompass  the  same  ac¬ 
tivities  covered  by  Sarbanes- 
Oxley. 

Now  it’s  just  a  matter  of 
putting  together  some  docu¬ 
mentation  about  the  processes 
so  that  in  years  to  come  we 
can  quickly  produce  the  infor¬ 
mation  needed  to  ensure  con¬ 
tinued  compliance.  I’ll  explain 
with  a  couple  of  examples. 

Following  the  Rules 

During  the  IT  security  portion 
of  our  Sarbanes-Oxley  project, 
dozens  of  control  objectives 
were  identified,  and  we  came 
up  with  repeatable  methods 
to  test  against  those  controls. 
One  control  that  we  identified 
involves  ensuring  that  users 
are  restricted  from  logging 
into  an  “in-scope”  Unix  sys¬ 


tem  directly  as  root.  The  prop¬ 
er  method  for  gaining  root- 
level  access  is  to  log  in  with 
an  assigned  user  account  and 
SecurlD  token  and  then  issue 
the  “switch  user”  (SU)  com¬ 
mand  to  gain  root-level  access. 

But  there  are  always  people 
who  seem  to  be  either  too  lazy 
or  too  inconvenienced  to  fol¬ 
low  these  rules.  Yes,  our  Unix 
systems  are  configured  to 
deny  direct  root  log-ins,  but 
console  servers  are  attached 
to  each  system  for 
emergency  access  in 
the  event  that  an  in¬ 
terface  goes  down 
and  an  administra¬ 
tor  needs  to  trou¬ 
bleshoot.  The  need 
to  provide  such 
emergency  access  is  real,  es¬ 
pecially  in  remote  data  cen¬ 
ters,  but  the  console  access 
provides  a  user  with  root-  or 
administrator-level  privileges. 

Whenever  an  administrator 
accesses  the  system,  though, 
logs  are  generated  that  identi¬ 
fy  the  method  of  access  and 
the  use  of  SU  to  gain  root- 
level  access.  Part  of  the  Sar¬ 
banes-Oxley  control  objective 
states  that  these  logs  are  to  be 
regularly  reviewed  in  order  to 
monitor  methods  of  access. 

The  documentation  I  creat¬ 
ed  discusses  the  responsibil¬ 
ity,  frequency,  location  and 
methodology  of  reviewing 
those  logs.  Eventually,  we  will 
put  some  technical  controls  in 
place  so  that  we  won’t  have  to 
review  logs  manually,  but  for 


Although  a  lot 
of  documentation 
ends  up  on  a  shelf, 
it  can  be  worth  its 
weight  in  gold. 


now,  this  activity  satisfies  that 
particular  control  objective. 

Another  example:  We  have 
written  scripts  that  check  for 
modifications  of  configuration 
files,  the  presence  of  unautho¬ 
rized  files,  unauthorized  en¬ 
tries  in  certain  files  or  other 
changes  that  may  cause  a  de¬ 
parture  from  our  defined  se¬ 
curity  baseline  and  the  con¬ 
trols  identified  as  part  of  the 
Sarbanes-Oxley  audit.  But 
when  creating  these  scripts, 
we  never  took  the  time  to  fully 
document  the  procedures,  the 
locations  of  scripts  and  other 
pertinent  information.  Al¬ 
though  some  notes  were  taken 
and  some  high-level  explana¬ 
tions  were  provided  to  satisfy 
auditors,  none  of  that  reached 
the  level  of  detailed  documen¬ 
tation.  So,  over  the  past  couple 
of  weeks,  I  took  the  time  to 
document  the  details.  For  each 
control  objective,  I  annotated 
the  particular  script,  the  out¬ 
put,  where  results  were  stored 
and  the  method,  frequency 
and  annotation  of  the  review 
of  the  results. 

Document  Safeguards 

Over  the  years,  I’ve  created  an 
abundance  of  documentation, 
ranging  from  policy  to  stan¬ 
dards  and  guidelines.  For  the 
most  part,  these  documents  sit 
undisturbed  on  a  shared  drive 
or  in  a  binder  collecting  dust. 
I’m  sure  that  this  Sarbanes- 
Oxley  document  will  fall  into 
that  same  category,  but  at  least 
it’s  available  in  the  event  that 
auditors  ask  for  it. 

I  spent  the  rest  of  the  week 
documenting  various  aspects 
of  our  recent  RSA  SecurlD  de¬ 
ployment.  First,  I  finished  up 
the  run  books  for  the  Web  Ex¬ 
press  application.  As  I’ve  men¬ 
tioned  before,  we  deployed 
RSA  Web  Express  to  aid  in  the 
deployment  of  SecurlD  to¬ 
kens.  Our  IT  department  uses 
rim  books  to  annotate  infor¬ 
mation  needed  to  perform 
general  day-to-day  mainte- 
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nance  and  to  respond  to  emer¬ 
gencies  such  as  service  out¬ 
ages  and  performance  prob¬ 
lems.  Typically,  our  run  books 
contain  information  regarding 
hardware,  software,  the  appli¬ 
cation,  dependencies,  points 
of  contact,  backups,  fail-over 
instructions  and  so  on.  I  hadn’t 
taken  the  time  to  properly  an¬ 
notate  the  run  books,  so  I 
spent  a  day  completing  that 
task.  I  also  wrote  an  adminis¬ 
trator’s  guide,  a  user’s  guide 
and  a  matching  quick  refer¬ 
ence,  or  cheat  sheets.  It’s  al¬ 
ways  nice  to  provide  a  couple 
of  formats  for  users  and  ad¬ 
ministrators  who  want  only 
the  steps  and  don’t  care  to  see 
illustrations  or  other  details. 

This  step  is  critical,  since 
properly  annotated  documen¬ 
tation  will  prevent  an  influx  of 
help  desk  calls.  I  always  take 
advantage  of  stressing  a  com¬ 
mon  help  desk  issue  through 
mass  communication  versus 
forcing  the  users  to  call.  Nor¬ 
mally,  I  would  have  a  technical 
writer  at  my  disposal,  but  re¬ 
sources  are  tight  these  days, 
so  we  create  documentation 
ourselves  and  pass  it  around 
within  the  department  for 
readability  and  quality  assur¬ 
ance  purposes. 

Although  a  lot  of  documen¬ 
tation  ends  up  sitting  on  a 
shelf,  I  still  feel  that  it  can  be 
worth  its  weight  in  gold,  espe¬ 
cially  when  employees  with 
important  knowledge  leave 
the  company  or  when  we’ve 
forgotten  details  of  an  applica¬ 
tion  that  we  installed  and  con¬ 
figured  in  the  distant  past. 

And  while  I’m  on  that  topic, 
it’s  always  a  good  idea  to  have 
a  knowledge  base  available  to 
annotate  miscellaneous  tips 
and  tricks  regarding  applica¬ 
tions  in  the  environment. 

Documentation  is  never  an 
enjoyable  activity,  but  at  the 
end  of  the  day,  you’ll  generally 
be  glad  you  did  it.  I 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias. 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to: 

O  computerworld.com/secjournal 


SECURITY  LOG 


Security  Bookshelf 

■  Buffer  Overflow  Attacks, 
by  James  C.  Foster,  Vitaly 
Osipov  and  Nish 
Bhalla(Syngress, 

2004). 


Buffer 


Every  information 
security  engineer 
should  know  about 
buffer  overflow  at¬ 
tacks  and  how  to  re¬ 
view  code  at  a  high 
level.  Each  chapter 
of  this  logically  organized  and 
informative  book  provides 
technical  and  in-depth  but 
easily  readable  discussions  of 
a  major  type  of  buffer  overflow 
vulnerability.  Several  case 
studies  put  it  all  together  by 
analyzing  some  popular  ex¬ 
ploits.  Chapters  end  with  fre¬ 
quently  asked  questions 
(which  could  be  used  as  a 
quiz)  and  references  to  a  mul¬ 
titude  of  related  software  and 
Web  links.  I  will  surely  use  this 
book  as  I  conduct  application 
assessments. 

■Mathias  Thurman 


Overflow 

Attacks 


Group  Tackles 
VoIP  Security 

A  group  formed  to  head  off 
voice-over-IP  security  prob¬ 
lems  laid  out  its  first  set  of  pri¬ 
orities  last  week:  setting  up  a 
taxonomy  to  classify  threats 
and  establishing  the  require¬ 
ments  for  making  VoIP  secure. 
The  VoIP  Security  Alliance, 
which  was  established  in  Feb¬ 
ruary,  includes  Verizon  Com¬ 
munications  Inc.,  VeriSign  Inc. 
and  about  50  other  vendors 
and  service  providers. 


Security  at  a  Glance 

Network  Intelligence  Corp. 
released  a  new  version  of  its 
enVision  security  event  man¬ 
agement  software  that  fea¬ 
tures  a  dashboard  designed  to 
let  administrators  see  security 
and  compliance  status  in  real 
time.  The  dashboard  presents 
information  gathered  and  cor¬ 
related  from  multiple  security 
devices  deployed  on  a  net¬ 
work.  It  also  lets  administra¬ 
tors  quickly  drill  down  into 
specific  compliance-related 
issues,  the  company  said. 
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Microsoft  Windows  XP  Service  Pack  2:  Download  it  for 


against  security  threats. 


Microsoft  Risk  Assessment  Tool:  Complete  this  free,  Web-based 
self-assessment  to  help  you  evaluate  your  organization's  security 
practices  and  identify  areas  for  improvement. 


Free  Tools  &  Updates:  Download  free  software  like  Microsoft 
Baseline  Security  Analyzer  2.0  to  verify  that  your  systems  are 
configured  to  maximize  security.  Manage  software  updates 
easily  with  Windows  Server  Update  Services. 


Internet  Security  and  Acceleration  Server  2004:  Download  , 
the  free  120-day  trial  version  to  evaluate  how  the  advanced 
application-layer  firewall,  VPN,  and  Web  cache  solution  can  '  ' ■ 
improve  network  security  and  performance.  .  •  1  ,  j 
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Azaleos  Releases 
Exchange  Appliance 

■  Azaleos  Corp.  in  Issaquah, 
Wash.,  last  week  launched  a 
managed  Exchange  2003  mes¬ 
saging  appliance,  the  Azaleos 
OneServer,  and  the  accompany¬ 
ing  OneStop  subscription  service. 
The  appliance  integrates  enter¬ 
prise  server  hardware,  special¬ 
ized  software  and  managed 
subscription  services  into  a 
device  that  supports  up  to  2,500 
user  accounts,  the  company  said. 
Pricing  for  the  appliance  starts 
at  $35,000  and  includes  1TB  of 
storage;  the  OneStop  subscription 
begins  at  $7  per  month  per  user. 


AmberPoint  Unveils 
SOA  Dashboards 

■  AmberPoint  Inc.  has  announced 
dashboards  for  its  service-orient¬ 
ed  architecture  management 
software.  The  dashboards  enable 
users  to  more  precisely  pinpoint 
trouble  areas  and  pull  data  from  a 
broader  range  of  systems  than 
they  could  previously,  according 
to  the  Oakland,  Calif.-based  com¬ 
pany.  Pricing  was  not  announced. 


Nemonix  Rolls  Out 
Hardware  for  Alpha 

■  Nemonix  Engineering  Inc.  last 
week  announced  that  it’s  making 
hardware  for  AlphaServer  sys¬ 
tems,  which  Hewlett-Packard  Co. 
is  retiring  next  year.  The  con¬ 
troller  for  the  AlphaServer  has 
two  Gigabit  Ethernet  ports  on  a 
single  PCI-X  card  and  is  priced  at 
$899,  according  to  the  Holliston, 
Mass.-based  company. 


Informatica  and 
Composite  Partner 

»  Informatica  Corp.  last  week 
announced  a  development  part¬ 
nership  with  Composite  Software 
Inc.  in  San  Mateo,  Calif.  Under 
the  agreement,  Redwood  City, 
Calif.-based  Informatica  will  offer 
the  Composite  Information  Server 
as  a  complement  to  its  Power- 
Center  data  integration  platform. 


MARK  WILLOUGHBY 


Joining  the  Federation 


INFORMATION  TECHNOLOGY,  along  with  its 
cousin  biotechnology,  is  a  big  driver  of  the 
dynamic  lexicon.  Biotechnologists  usually  coin 
words  about  biological  things  from  thin  air  or 
revert  to  dusty  Greek  or  Latin  to  introduce 
words  into  English.  IT  likes  to  recycle  language,  adding 
heft  to  the  dictionary  with  new  uses  for  old  words. 


The  latest  word  to  be 
reinvented  by  IT  is  federa¬ 
tion.  It  describes  technol¬ 
ogy  unions  relying  on  new 
forms  of  data  integration. 

Federation  languished  for 
eons  in  the  linguistic  back¬ 
waters,  competing  with 
the  likes  of  league  and 
union  to  describe  political 
liaisons,  for  better  or  for 
worse.  Reinvented  with  a 
techno  spin,  it’s  now  as  hot 
as  lofts  in  a  gentrified  ware¬ 
house  district. 

The  movement  to  recast  federation 
got  its  impetus  with  identity  manage¬ 
ment  around  2002.  Various  industry 
bodies  like  the  Liberty  Alliance  and 
OASIS  were  drawing  up  standards  to 
enable  the  joining  of  trusted  networks 
into  even  larger  chains  of  trust.  Some 
technical  thinker  had  a  eureka  mo¬ 
ment  and  correlated  a  lesson  from 
political  history,  ergo  federated  identi¬ 
ties.  Federated  identities  gave  rise  to 
federated  networks.  (If  you  are  a 
purist,  maybe  that’s  backward.) 

Federated  networks  are  just  getting 
started,  but  they  will  be  huge  in  deliv¬ 
ering  authenticated  and  authorized 
users  for  secure  e-commerce  commu¬ 
nities  in  the  wired  and  wireless  worlds. 
Secure  users  are  key  to  streamlining 
supply  and  distribution  chains  for 
more  efficient  business.  Federation  in 
identity  management  has  even  mor¬ 
phed  into  a  verb  form:  Federate  now  to 
put  your  islands  of  identity  to  work 
authorizing,  controlling  and  logging 
your  users’  access  for  compliance  with 
the  Sarbanes-Oxley  Act. 


Federation  quickly 
achieved  rock-star  status 
as  a  recycled  word,  join¬ 
ing  instance,  image,  parent 
and  child,  cache  and  bus 
among  the  panoply  of 
innocuous  words  blessed 
by  technology  with  a  new 
meaning.  The  word  feder¬ 
ation  has  become  fecund 
and  given  rise  to  more 
federation  —  federated 
management,  federated 
configurations,  federated 
databases,  federated 
directories,  federation  ad  infinitum. 
Integrating  discrete  elements  is  passe; 
it  simply  won’t  do  if  one  can  federate 
and  achieve  a  higher  order  of  inter¬ 
operability. 

And  making  data  structures  interop¬ 
erate  more  efficiently  is  the  central 
theme  underlying  federation  of  all 
types.  Virtual  directories  provide  the 
foundation  for  enterprise  information 
integration,  or  Eli,  a  layer  of  abstrac¬ 
tion  to  bring  widely  distributed  and 
decentralized  islands  of  data  into  a 
unified  whole.  Virtual  directories  were 
not  invented  to  facilitate  federated 
identities,  but  federated  networks 
would  be  nowhere  without  virtual 
directory  technologies,  which  unite 
islands  of  identity  data  into  a  central¬ 
ized  management  framework  for 
stronger  security. 

With  virtual  directories,  there’s 
no  need  to  copy  or  replicate  data 
into  a  central  repository.  The  identity 
data  can  stay  in  its  traditional  reposi¬ 
tory  in  finance,  human  resources  or 
building  security,  close  to  the  owners 


MARK  WILLOUGHBY,  CISSP, 
is  a  20-year  IT  industry 
veteran  and  journalist. 
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of  the  information,  who  know  best 
how  to  manage  it. 

Virtual  directories  create  data  about 
the  data  —  metadata  —  that  describes 
how  to  find  the  desired  islands  of  infor¬ 
mation,  how  to  convert  the  data  in  the 
islands  into  a  desired  format,  how  to 
read  it  into  the  target  application  and 
how  to  update  the  data  once  it  has  been 
used.  Virtual  directories  save  time  and 
lots  of  money  and  prevent  the  endless 
arguments  among  federation  members 
over  who  owns  the  information. 

Identities  and  networks  may  have 
been  the  first  to  be  federated,  but  they 
are  no  longer  unique.  Virtual  directo¬ 
ries  and  Eli  underlie  a  growing  usage 
of  federation.  Federated  management 
and  federated  configurations  will  be 
necessary  to  provide  efficient  and  se¬ 
cure  service  management  for  layers  of 
distributed  infrastructure  information. 

Implementing  new  IT  governance 
standards,  such  as  the  IT  Infrastruc¬ 
ture  Library,  will  simply  be  impractical 
without  federated  information  built  on 
virtual  directories.  Federated  databas¬ 
es  will  have  metadata  at  the  intersec¬ 
tion,  to  describe  where  and  how  to 
read  and  write  data  from  underlying 
data  structures. 

Federated  data  and  Eli  will  be  big 
enablers  of  Web  services,  helping 
component  applications  to  be  de¬ 
ployed  far  more  rapidly,  without  con¬ 
cern  for  data  formats  or  locations.  In 
just  a  few  short  years,  we  could  have  a 
new  dictionary  entry  for  federation, 
rooted  in  IT. 

The  smart  people  in  biotechnology 
are  going  to  have  to  come  up  with  their 
own  federation  paradigm  to  solve  their 
problems.  They’re  going  to  have  to  de¬ 
velop  federated  biology  —  unified 
colonies  of  distributed  and  discrete 
information  connected  by  a  central 
nervous  system  for  the  greater  good. 
That  sounds  like  an  ancient  biological 
construct  —  the  jellyfish.  O  53332 
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Got  Questions  About 
Enterprise  Mobility? 

Computerworld’s  IT  Executive  Summit  Has  the  Answers 


If  you're  an  IT  executive  in  an  end-user 
organization,  apply  to  attend  Computerworld’s 
upcoming  complimentary  half-day  summit  on 
wireless  broadband  access  for  the  enterprise. 

CIOs  and  senior  IT  executives  are  finding  that 
replacing  multiple  remote  access  technologies 
with  wireless  broadband  access  to  the  enterprise 
can  play  a  key  role  in  boosting  employee 
productivity  and  streamlining  IT  support  while 
significantly  reducing  operational  costs. 


Achieving  the  Mobility  Imperative: 
Enabling,  Securing  and  Managing 
Wireless  Broadband  Access 

New  York  Marriott  Marquis  •  April  26,  2005 

Cantor  Jolson  Room,  9th  Floor 

1535  Broadway  in  Times  Square,  New  York  City 

7:45am  to  8:15am  Registration  and  Networking  Breakfast 


As  the  workforce  becomes  increasingly  mobile, 
the  variety  and  number  of  remote  access 


8:15am  to  8:30am  Introduction  and  Overview 

Julia  King,  Executive  Editor,  Events,  Computerworld 


Selected 

speakers  include: 


Phillip  Hirschel 
Cellular  Services  Manager, 
PriceWaterhouseCoopers 


Iain  Gillott 

Founder,  iGillott  Research 


devices  as  well  as  the  need  to  secure  the  data 
they  send  and  receive  presents  a  daunting 
challenge  for  today's  enterprises. 

By  leveraging  the  knowledge  of  industry  experts 
and  the  real-world  experience  and  advice  of  your 
IT  peers,  this  IT  Executive  Summit  will  provide  an 
overview  of  effective  strategies  for  overcoming 
the  obstacles  in  deploying  wireless  broadband 
access  for  the  enterprise. 

*  Complimentary  registration  is  restricted  to 
qualified  IT  executives  only. 


Apply  for  registration  today 

Contact  Chris  Leger  at  888-299-0155 
or  visit:  www.itexecutivesummit.com 


8:30am  to  9:15am  The  Next  Wireless  Evolution 

lain  Gillott,  Founder,  /'Gillott  Research 

9:15am  to  9:45am  Deploying  Wireless  Broadband  Technology: 
An  IT  Perspective 

Phillip  Hirschel,  Cellular  Services  Manager, 
PriceWaterhouseCoopers 


9:45am  to  10:15am  Refreshment  and  Networking  Break 

10: 15am  to  10:45am  Keynote  Presentation: 

Broadband  Wireless  Solutions  for  the  Enterprise 

Roger  Gurnani,  CIO,  Verizon  Wireless 

1 0:45am  to  11:1 5am  End-User  Case  Study 

Larry  Singer,  SVP,  Strategic  Insight  Officer,  Sun  Microsystems 


1 1 :15am  to  noon 


Panel  Discussion:  Real-World  Wireless 

Moderator:  Julia  King,  Executive  Editor,  Events,  Computerworld 
Panelists:  Norm  Fjedheim,  SVP  and  CIO,  Qualcomm 

David  T.  Phillips,  Information  Systems  Manager, 
Foley,  Inc. 

Jenkins  Ravenel,  Principal,  Technology  and 
Operations,  Network  Computing,  Bank  of  America 
Joseph  Ziskin,  VP,  Global  Telecom  Industry,  IBM 


Roger  Gurnani 
CIO,  Verizon  Wireless 


Norm  Fjedheim 
SVP  and  CIO,  Qualcomm 


Julia  King 

Executive  Editor,  Events, 
Computerworld 
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Intel®  Xeon™  Processor  power,  more  expandability  and  more  manageability.  For  less  money.  The  HP  ProLiant  Mil  50  G2  gives  you  the  power  and  reliability 
you  need  now  with  room  to  grow  as  your  business  grows.  It  has  dual  Xeon™  Processor  capability  and  hot-pluggable  SATA  or  SCSI  drives  that  can  be  replaced 
without  powering  down.  There's  even  room  for  up  to  eight  gigabytes  of  ECC  memory  for  added  reliability  and  six  I/O  cards  for  maximum  flexibility.  Try  to  get 
that  level  of  expandability  from  our  competitors  at  this  price.  And  only  HP  offers  a  remote  management  option  with  its  Lights-Out  100  Card.  Add  a  DAT 
72  tape  drive,  and  your  compliance  and  backup  issues  are  addressed— more  securely  and  affordably.  These  are  just  two  HP  Smart  Office  Solutions  that  give 
you  more  expertise,  technology,  more  service  and  more  support.  To  get  more  without  paying  more,  run  over  to  HP. 


Save  up  to  $203' 


HP  ProLiant  ML150  SERVER 


$925 

•  Intel®  Xeon™  Processor  (3GHz 
Dual-Processor  Capable)2 

•  51 2MB  PC2700  DDR  ECC  SDRAM 

•  Broadcom  5721  PCI-Express 
Gigabit  NIC  (embedded) 

•  4  Port  SATA  Adapter  in  a  PCI  slot 
(optional  SATA  RAID  Controller  available) 

•  80GB  SATA  Hard  Disc  Drive 
(Hot-Plug  Capable)5 

•  48X  IDE  CD  ROM  Drive,  floppy  drive4 

•  5U  Tower  Chassis 

•  Hardware  limited  warranty,  1-year  parts, 
1-year  labor,  1-year  on-site  support3 


Add  secure  backup. 


HP  Storage  Works 
DAT  72  TAPE  DRIVE 

-  72GB  (using  2:1  compression)  on  a 
single  cartridge 

-  21.6GB/hr.  maximum  transfer  rate  (compressed) 

-  Reads  and  writes  DAT  72,  DDS-4  and  DDS-3  media 

-  Includes  One-Button  Disaster  Recovery  for  quick 
service  restores 


$799 

$100  instant  savings 

($899  -  $100  instant  savings  =  $799)‘ 
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MORE  ADVICE  |  MORE  TECHNOLOGY  |  MORE  SUPPORT 


Save  even  more  with  HP  Smart  Buys. 

See  our  site  below  for  more  choices  and  more  savings. 

CALL 

1-866-625-3578 

CLICK 

www.hp.com/go/ML150mag4 

VISIT 

your  local  HP  reseller 

Prices  shown  are  HP  Direct  prices:  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient’s  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last 
and  are  available  from  HP  Direct  and  participating  HP  resellers.  All  featured  offers  available  in  U  S.  only.  1.  Savings  based  on  HP  published  list  price  of  configure-to-order  equivalent.  2.  Intel’s  numbering  is  not  a  measurement  of  higher  performance.  3.  Certain  warranty  restrictions 
and  exclusions  may  apply.  For  complete  warranty  details,  call  1-800-345-1518  (U.S.).  4.  48X  Max  CD-ROM  Drive  data  transfer  rates  vary  from  6,750  Kbps  to  7,800  Kbps.  5.  For  hard  drives,  GB=billion  bytes.  6.  $100  instant  savings  offer  valid  on  qualifying  HP  StorageWorks 
DAT  72  tape  drives  only  through  6/30/05.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 
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Think  Tank 

A  computer  forensics  expert 
explains  the  role  of  CIOs  in 
handling  a  data  scandal;  and 
research  suggests  that  older 
workers  have  no  problem  adapting 
to  new  IT  systems.  Page  36 


Just  Say  No 

Sure,  IT  is  supposed  to  be  an 
enabler,  but  there  are  times  when 
you  have  to  refuse  ill-advised 
business  requests  and  hare¬ 
brained  projects.  Here’s  how  to 
do  it  and  survive.  Page  38 


OPINION 

The  Wages  of  Fear 

Using  fear  as  a  management 
tool  may  have  worked  in 
Machiavelli’s  day,  says  Paul 
Glen,  but  think  twice  before 
you  try  it  in  IT.  Page  44 
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A  former  CIO  and  board 
member  tells  how  to  get  a  seat  at 
the  ultimate  table.  By  John  Blair 


ou  SEE  THESE  gray¬ 
haired  men  and  women 
heading  into  the  board- 
room  once  per  quarter. 
Often,  the  CEO  ap¬ 
proaches  you  a  few 
days  before  this  happens  and  asks  for 
a  five-line  briefing  on  one  or  two  IT 
initiatives. 

Last  year,  you  were  on  the  agenda  to 
give  a  briefing  on  the  CRM  project,  but 
it  was  late  in  the  afternoon  and  every¬ 
one  was  distracted  by  the  emerging  re¬ 


quirements  of  something  called  Sar- 
banes-Oxley.  Your  15-minute  slot  (far 
too  brief)  was  shortened  some  more. 
Since  only  one  question  was  asked,  you 
were  sure  that  making  the  afternoon 
flight  was  a  higher  priority  to  these 
gray  hairs  than  what  you  had  to  say. 

As  more  and  more  of  the  strategic  is¬ 
sues  your  company  faces  have  a  direct 
or  strong  indirect  IT  component,  the 
thought  starts  to  form:  “I  should  be  on 
the  board!” 

That’s  probably  not  going  to  happen. 
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How  It  Worked 
For  Me 
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My  path  to  a  board  position  with 
Apollo  Group  Inc.  began  25  years 
ago  when  I  was  looking  for  some 
specialized  training  for  a  group  of 
engineers  on  my  staff. 

A  small,  nontraditional  university 
was  able  to  respond,  and  that  led  to 
a  friendship  with  the  university  pres¬ 
ident.  Five  years  later,  I  was  asked 
to  join  the  university’s  board,  in  part 
because  of  my  IT  background. 

Fifteen  years  passed,  and  the  uni¬ 
versity  was  acquired  by  Apollo.  Five 
more  years  passed,  and  I  was  invit¬ 
ed  to  join  Apollo’s  board. 

My  path  to  the  board  of  a  high- 
growth  IT  services  company  was  a 
bit  shorter,  but  it  still  took  nearly  10 
years. 

It  started  when  I  assisted  a  con¬ 
sulting  client  in  choosing  an  IT  ser¬ 
vices  company  to  develop  a  key 


business  system.  A  year  or  two  later, 
that  IT  services  company  became  a 
consulting  client.  Seven  years  after 
that,  I  was  invited  to  join  the  board 
of  the  then  much  larger  and  newly 
public  IT  services  company.  My 
unique  contribution  was,  in  part,  the 
ability  to  speak  about,  listen  to,  un¬ 
derstand,  translate  and  advise  on 
the  very  complex  technology  and 
business  issues  the  company  faced. 

Two  other  board  experiences 
came  solely  as  a  result  of  being  a 
part  of  a  network  that  included  a 
number  of  entrepreneurs  who  were 
CEOs  or  on  paths  leading  to  CEO 
roles.  In  each  case,  the  combination 
of  skills  and  experience  these  entre¬ 
preneurs  sought  was  the  ability  to 
effectively  bridge  the  technology/ 
business  chasm. 

-  John  Blair 


NOT  MUCH  ROOM.  The  numbers  are 
against  you,  big  time.  First,  if  your  em¬ 
ployer  is  a  larger  public  company  (one 
of  the  roughly  9,000  companies  listed 
on  the  major  stock  exchanges),  by  law 
the  majority  of  directors  must  be  out¬ 
siders.  You  are  an  insider. 

The  CEO  thinks  he  should  have  one 
of  the  board  seats.  So  does  at  least  one 
other  insider,  and  watchdog  groups 
continue  to  pressure  public  companies 
to  have  fewer  insiders  on  the  board. 

But  you  can  improve  your  odds  dra¬ 
matically  if  you  focus  outside  of  your 
company  and  broaden  your  targets  to 
include  small  (“microcap”),  private 
and  not-for  profit  organizations. 

With  that  external  focus  and  better 
odds,  let’s  look  at  the  makeup  of  a  board. 

BOARD  MEMBER  PROFILES.  Status,  con¬ 
nections  and  expertise  all  are  factors. 
The  ideal  board  member  has  strong 
general  management  skills  and  experi¬ 
ence  plus  one  or  two  areas  of  expertise 
not  shared  by  the  other  board  mem¬ 
bers.  Diverse  experience  assures  that 
the  board  will  miss  fewer  nuances  that 
could  allow  a  small  issue  to  become  a 
large  problem. 

Many  board  members  are  current  or 
former  CEOs.  Because  of  the  require¬ 
ment  that  at  least  one  board  member 
be  financially  literate,  chief  financial 
officers  and  former  audit  partners 
from  the  Big  Four  accounting  firms  are 
now  being  recruited.  Other  than  that, 
the  profiles  vary  widely:  business 
“rock  stars,”  lawyers,  industry  special¬ 
ists,  investors,  representatives  of  spe¬ 
cial  interest  groups  and  friends  of  the 
CEO  all  show  up  to  varying  degrees. 

Most  new  board  members  either 
have  done  something  for  the  company 
or  are  expected  to  be  able  to  do  some¬ 
thing  for  the  company.  For  example, 
early  in  a  company’s  life,  board  mem¬ 
bers  with  knowledge  of  and  connec¬ 
tions  to  funding  sources,  key  regulators 
and  potential  clients  are  openly  sought. 

YOUR  UNIQUE  CONTRIBUTION.  A  recent 
Computerworld  article  estimated  that 
only  5%  of  current  board  members 
have  IT  backgrounds  [QuickLink 
51548].  As  an  experienced  and  effective 
CIO,  however,  you  bring  special  exper¬ 
tise  to  a  board.  Moreover,  Section  404 
of  the  Sarbanes-Oxley  Act  highlights 
the  need  for  IT  literacy  on  boards  to¬ 
day.  It  requires  that  the  controls  for 
financial  processes  be  effective.  Many 
of  these  controls  are  implemented 
through  the  financial  information  sys¬ 
tems  and  the  applications  that  provide 
data  to  the  financial  information  sys¬ 
tems.  So  companies  need  a  board 


member  who  can  translate  between  IT 
and  finance. 

Sarbanes-Oxley  is  just  the  latest  area 
where  some  specific  IT  skills  are  need¬ 
ed.  Six  years  ago,  the  issue  was  Y2k. 
There  will  be  more.  Most  issues  today 
have  a  significant  IT  component,  and 
effective  board  members  who  can 
translate  between  IT  and  business  will 
continue  to  grow  in  importance. 

MAKING  IT  HAPPEN.  This  is  the  hard  part. 
Becoming  a  board  member  by  building 
from  an  IT  experience  base  isn’t  easy, 
because  IT  hasn’t  been  a  typical  source 
of  board  candidates.  If  you  really  think 
you  have  a  board-level  contribution  to 
make,  start  to  make  the  moves  to  gain 
general  management  experience  to 
complement  your  proven  IT  leader¬ 
ship  experience. 

That  means  if  you  have  three  to  five 
years  of  experience  running  a  signifi¬ 
cant,  effective  IT  organization,  plan  to 
get  out  of  IT.  Look  for  places  where 
you  can  leverage  your  experience  as  a 
CIO  but  in  a  general  management  con¬ 
text.  There  are  a  lot  of  technology 
companies  that  need  senior  managers 
with  experience  in  the  corporate  IT 
function. 

Another  path  is  to  launch  your  own 
company.  As  founder,  you  will  gain  ex¬ 


perience  in  general  management,  and 
you  will  likely  be  a  member  of  the 
board  of  the  company. 

MAKING  IT  HAPPEN,  PART  2.  OK,  you’re 
on  the  way:  solid  senior  management 
experience  in  IT  and  a  growing  body 
of  experience  in  senior-level  general 
management.  The  next  task  you  face  is 
to  become  noticed  by  those  who  have 
the  influence  to  place  your  name  in 
front  of  board-member  selection  com¬ 
mittees. 

Who  are  these  people? 

Current  board  members  and  CEOs 
have  the  greatest  influence  on  choos¬ 
ing  new  board  members.  Several  of  the 
major  executive  search  firms  have 
board-member  search  practices.  Con¬ 
necting  with  the  partners  who  lead 
these  practices  will  help.  But  where  do 
they  find  candidates? 

Current  board  members  and  CEOs. 

Finding  these  people  is  also  straight¬ 
forward.  The  management  of  public 
companies  is  . . .  public.  Yahoo,  EDGAR 
and  corporate  Web  sites  are  ready 
sources  for  the  names  of  company 
CEOs  and  directors.  The  Web  sites  for 
private  and  not-for-profit  organiza¬ 
tions  typically  list  officers  and  direc¬ 
tors.  Growing  Web  services  such  as 
Linkedln  and  Friendster  are  also  valu¬ 


able  search  tools.  And  be  aware  that 
organizations  such  as  the  Association 
for  Corporate  Growth,  the  National 
Association  of  Corporate  Directors 
and  many  local  business,  networking 
and  economic  development  groups 
have  memberships  with  a  large  per¬ 
centage  of  CEOs  and  directors. 

Armed  with  a  good  list,  start  a  multi¬ 
pronged  campaign  to  meet  some  of 
these  people.  While  the  campaign  to 
become  a  director  has  some  of  the  ele¬ 
ments  of  a  job  search,  take  a  less  direct 
approach  and  look  for  opportunities  to 
work  with  your  contacts.  For  instance, 
if  you  and  your  target  are  both  mem¬ 
bers  of  a  professional  group,  look  for  a 
way  to  work  with  him  on  a  committee 
or  a  program. 

The  campaign  usually  takes  a  while 
and  is  built  from  a  number  of  substan¬ 
tial  joint  interactions.  Your  goal  is  to 
be  asked  about  your  interest  in  a  board 
role,  not  to  do  the  asking. 

It’s  said  that  any  two  people  in  the 
U.S.  are,  at  the  maximum,  only  four 
degrees  of  separation  apart,  so  don’t 
overlook  the  neighbors,  the  parents  of 
your  kids’  friends  and  the  aunt  of  the 
person  you  meet  every  now  and  then 
at  the  grocery  store. 

Each  week  take  at  least  one  action 
that  will  lead  to  an  introduction  to  a 
current  CEO  or  board  member  in  a 
company  that  might  find  you  to  be  a 
valuable  board  member  in  the  next  one 
to  three  years. 

PATIENCE  IS  A  VIRTUE.  Be  patient.  It  takes 
multiple  exposures  and  firing  at  a  lot 
of  targets  to  raise  the  odds  significant¬ 
ly.  But  Sarbanes-Oxley  and  the  contin¬ 
ued  increase  in  the  IT  content  of  most 
markets,  products  and  services  mean 
that  boards  will  need  more  members 
who  can  deal  effectively  with  these  is¬ 
sues.  If  you  think  you  have  something 
to  contribute  at  the  board  level,  start 
your  campaign  now.  But  realize  that 
this  may  be  the  longest-duration  proj¬ 
ect  you  ever  manage.  ©  53260 


Blair  has  been  a  board  member  of  two 
public  companies,  two  private  compa¬ 
nies  and  two  not-for-profit  organiza¬ 
tions.  He  was  CIO  of  two  Honeywell  di¬ 
visions,  COO  of  an  IT  professional  ser¬ 
vices  company  and  an  adviser  to  corpo¬ 
rate  leadership  on  technology-related 
management  issues.  Contact  him  at 
john@jblairconsulting.com. 


FIGURING  THE  ODDS 

John  Blair  says  there  may  be  more  board  seats 
available  than  you  imagine: 
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How  to  Handle 
A  Data  Scandal 

TODAY’S  CORPORATE  SCANDALS 
typically  involve  accounting  irregular¬ 
ities,  data  security  disasters  or  po¬ 
tentially  damaging  e-mail  messages. 
That  means  plenty  of  work  for  com¬ 
puter  forensics  experts  such  as  Larry 
Leibrock,  who  digs  into  corporate  in¬ 
formation  systems  to  answer  the 
question  “Who  knew  what  when?” 

Leibrock,  chief  technology  officer 
at  eForensics  LLC  in  Austin,  uses 
specialized  hardware  and  software 
tools  to  copy  a  computer’s  contents, 
trace  network  paths  and  scan  tera¬ 
bytes  of  data  looking  for  key  e-mails. 
For  example,  he  uses  VisualRoute 
software  from  Visualware  Inc.  in  Tur¬ 
lock,  Calif.,  to  show  judges  the  Inter¬ 
net  route  of  a  particular  message. 


But  CIOs  have  a  role  to  play  in 
these  investigations  too.  Leibrock 
says  they  should  make  sure  evidence 


-  including  e-mail  and  network  logs  - 
isn’t  purged,  contaminated  or  altered. 
To  put  it  mildly,  “judges  have  no 
sense  of  humor  about  destruction  of 
evidence,”  he  says. 

Leibrock  urges  companies  to  es¬ 
tablish  a  clear  set  of  procedures  for 
handling  computer  incidents  -  and 
then  practice  them.  Companies 
should  create  a  computer  incident  re¬ 
sponse  team[QuickLink  31034],  in¬ 
cluding  a  neutral  “capture  manager” 
who  preserves  evidence  and  keeps 
records  of  the  “chain  of  custody.” 

CIOs  also  have  to  resist  the  temp¬ 
tation  to  hold  back  or  destroy  evi¬ 
dence  in  hopes  of  protecting  the  com¬ 
pany  or  fellow  executives.  Leibrock 
says  the  CIO’s  loyalty  should  be  to  the 
IT  profession  and  the  ethical  handling 
of  information  required  by  the  court. 
©  53354 

-  Mitch  Betts 


Research  Debunks 
Stereotypes  About 
Older  Workers  and  IT 

WITHIN  FIVE  YEARS, 
20%  of  the  U.S.  work¬ 
force  will  be  more  than 
55  years  old,  says  the 
U.S.  Department  of 
Labor’s  Bureau  of  Labor 
Statistics.  That  demo¬ 
graphic  trend  is  on  a  colli¬ 
sion  course  with  deeply 
held  stereotypes  about  older  workers  resisting 
change  and  new  technologies. 

But  research  by  Tracey  Rizzuto,  assistant 
professor  of  psychology  at  Louisiana  State  Uni¬ 
versity  in  Baton  Rouge,  finds  that  some  of  the 
prevailing  views  about  older  employees  simply 
aren’t  true. 

When  Pennsylvania  state  agencies  upgraded 
their  ERP  systems  for  managing  procurement, 
Rizzuto  wondered  how  older  workers  would 
fare  in  adapting  to  the  new  technology.  So  she 


studied  more  than  360  purchasing  agents  re¬ 
garding  their  willingness  to  learn  the  new  sys¬ 
tems,  as  well  as  their  motivation,  commitment 
and  satisfaction  in  accepting  the  changes. 
(Nearly  60%  of  the  agents  studied  were  46  or 
older,  and  11%  were  over  55.) 

Contrary  to  common  belief,  Rizzuto  found 
that  older  workers  exhibited  more  willingness  to 
learn  the  new  technology  than  their  younger 
counterparts.  Veteran  employees  were  more 
“fired  up"  about  the  changes,  Rizzuto  says,  and 
most  of  them,  though  not  all,  were  supportive  of 
the  new  systems. 

Conventional  wisdom  says  technology  is  the 
province  of  the  young.  “There  is  some  research 
that  shows  older  workers  may  not  be  as  quick 
in  learning  new  technology  skills  as  younger 
people,  but  this  study  shows  the  commitment 
and  willingness  to  learn  is  stronger  among  the 
older  workers,"  Rizzuto  says. 

The  key  is  to  provide  specialized  training  pro¬ 
grams  for  older  workers  to  keep  them  current 
with  new  technologies  and  processes.  It's  a 
small  price  to  pay,  Rizzuto  says,  to  retain  em¬ 
ployees  who  are  teachable,  adaptable  and  loyal. 


Rizzuto  plans  to  present  her  findings  at  an 
April  conference  of  the  Society  for  Industrial 
and  Organizational  Psychology  in  Los  Angeles. 


GOT  ANY  BRIGHT  IDEAS?  Send  them  to 
pitches@computerworld.com. 
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healthy  increases  in  IT  spending 
this  year,  especially  for  storage, 
servers  and  Internet  telephony,  ac¬ 
cording  to  a  survey  of  1,400  midsize 
companies  in  the  U.S.,  Canada  and  the 
U.K.  In  the  study  conducted  by  Info- 
Tech  Research  Group  Inc.  in  London, 
Ontario,  51%  of  the  respondents  said 
they  expect  to  increase  IT  spending 
this  year,  and  a  surprising  one-third 
said  that  they’ll  boost  IT  spending  by 
more  than  15%. 

■  Federal  agencies  have  been  get¬ 
ting  poor  marks  for  IT  security  re¬ 
cently  [QuickLink  52707],  but  ft  looks 
like  they  plan  to  spend  the  money  it 
takes  to  get  better  grades.  Reston,  Va.- 
based  research  firm  Input  says  civilian 
agencies  plan  to  increase  spending  on 
cybersecurity  by  27%  over  the  next 
five  years. 
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IDC  researchers  say  their  index  of 
business  IT  demand  (below)  shows 
that  user  spending  expectations  have 
taken  an  optimistic  turn.  “After  several 
quarters  of  decent  corporate  profits,  it 
seems  that  buyers  are  hoping  some 
additional  funds  will  trickle  down  into 
IT  spending,”  says  John  Gantz,  IDC’s 
chief  research  officer. 


Index  of  Business  IT 
Demand,  2004*2005 


Sept  OcL  Nov.  Dec. 


The  buyer  intent  index  is  based  on  r 
veys  of  400  to  500  U.S.  CIOs  and  t 
ecutives,  who  are  asked  about  their  IT  s 
expectations  for  the  next  12  months.  Results  are 
weighted  to  be  representative  of  the  U.S.  mar¬ 
ket.  An  index  of  1,000  means  zero  growth. 
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Fred  held  was  CIO  at  Mat¬ 
tel  Toys  Inc.  for  most  of  the 
1970s.  He  recalls  the  day  a 
gung-ho  marketing  execu¬ 
tive,  apparently  having  just 
read  Popular  Science,  asked, 
“Can  we  put  a  chip  in  every  product, 
hook  up  to  spy  satellites  and  track 
where  everyone  goes,  so  we  can  really 
see  who  buys  our  toys?  We  could  check 
which  stores  have  too  much  inventory 
and  transfer  product  accordingly.” 

Disregard  the  fact  that  the  technol¬ 
ogy  was  at  least  three  decades  away. 
The  marketing  guy  was  proposing  to 
insert  a  Cold  War  espionage-inspired 
tracking  device  in  every  Hot  Wheels 
car  and  Barbie  doll  sold  worldwide. 
Can  you  say  “worst  public  relations 
calamity  ever”? 

Needless  to  say,  Held  —  who  is  now 
a  partner  at  Tatum  Partners,  a  profes¬ 
sional  services  firm  in  Atlanta  —  de¬ 
clined.  “You  have  a  great  deal  of  fore¬ 
sight,”  he  told  the  exec.  “This  isn’t 
quite  possible  right  now,  but  we’re  go¬ 
ing  to  keep  an  eye  on  it.”  Thus  the  mar¬ 
keting  guy  went  away  flattered,  and 
Held  turned  him  down  cold  with  no 
ill  effects. 

This  is  by  no  means  an  easy  thing  to 
do,  and  since  Held’s  days  at  Mattel,  it 
has  only  gotten  tougher.  In  today’s  cor¬ 
porations,  IT  is  supposed  to  be  an  en¬ 
abler,  a  conduit  rather  than  a  gatekeep¬ 
er.  When  a  line-of-business  executive 
proposes  a  project,  IT  is  supposed  to 
make  it  happen. 

Unfortunately,  some  of  those  ideas 
are  too  risky,  difficult  to  justify  given 
the  company’s  overall  IT  picture  or 
just  plain  hare-brained.  But  the  IT 
executive  who  says  no  may  be  putting 
his  career  on  the  line. 

The  key,  according  to  CIOs,  project 
managers  and  other  experts,  is  to  ask 
for  and  provide  facts  until  the  person 
who  made  the  request  is  forced  to  ac¬ 
knowledge  that  the  idea  won’t  fly. 

‘Press  Statement’  Method 

“You  need  to  get  everyone  to  recognize 
risks  and  alternatives,”  says  Jerry  Luft- 
man,  author  of  Competing  in  the  Infor¬ 
mation  Age:  Align  in  the  Sand  (Oxford 
University  Press,  2003)  and  a  professor 
at  the  Stevens  Institute  of  Technology 
in  Hoboken,  N.J.  “You  can’t  just  say 
no,  put  your  hands  over  your  ears  and 
walk  away.  You  want  to  get  them  to 
recognize  why  the  answer  has  to  be 
no;  that’s  the  trick.” 

This  diplomacy  may  not  come  natu¬ 
rally  to  many  in  IT,  a  discipline  long 
known  for  bluntness.  Carolynn  Ben¬ 
son,  a  senior  consultant  at  Bedford, 
N.H.-based  Ouellette  &  Associates 


JUST  SAY 


HOW  TO  REFUSE  ILL-ADVISED 
BUSINESS  REQUESTS  AND  LIVE  TO 
TELL  THE  TALE.  BY  STEVE  ULFELDER 


Consulting  Inc.,  says  that  in  training 
courses,  she  teaches  clients  to  say  no 
with  a  “press  statement”  —  a  positively 
worded  refusal.  “The  way  to  say  no  is 
with  options,”  Benson  says. 

A  typical  hell-no  press  statement 
might  begin,  “IT  is  committed  to  help¬ 
ing  your  department  meet  its  business 
goals.  After  reviewing  your  proposal, 
we  believe  the  following  options  will 
help  achieve  those  goals  and  provide 
value  for  the  company.”  Absent  from 
the  list  of  options,  of  course,  is  the  one 
proposed  by  the  manager. 


What  do  you  do  when  an  executive 
doesn’t  like  this  answer?  “You  push 
back  with  your  press  statement,”  she 
says.  If  things  get  ornery,  you  bump  the 
conflict  up  to  the  next  level  with  an¬ 
other  statement:  “The  person  who  can 
put  your  request  back  on  track  is  the 
CEO.  Shall  we  go  to  the  CEO  together 
and  present  our  arguments?” 

Frequently,  the  big  “no”  concerns  a 
completely  unrealistic  time  frame  for  a 
project.  Then  IT  is  not  so  much  refus¬ 
ing  to  tackle  the  project  as  making  sure 
it  gets  the  time  needed  to  do  the  job 


properly.  Dave  Berg,  CIO  at  Salt  Lake 
City-based  O.C.  Tanner  Co.  and  presi¬ 
dent-elect  of  the  Society  for  Informa¬ 
tion  Management’s  InterMountain 
Chapter,  tells  of  a  recent  dust-up. 

For  more  than  half  a  decade,  the 
employee-award  company  had  wanted 
to  automate  certain  pricing  and  prod¬ 
uct-replacement  tasks  in  its  backbone 
application,  but  the  request  always  fell 
to  the  bottom  of  the  pile.  Late  in  2004, 
without  warning,  the  head  of  manufac¬ 
turing  and  the  chief  operating  officer 
“decided  all  of  a  sudden  that  this  was 
the  most  important  thing  in  the  world,” 
Berg  says,  and  they  wanted  it  in  Janu¬ 
ary.  Berg  countered  with  March.  They 
compromised  on  February. 

IT  was  on  target  to  make  the  release 
date,  but  an  error  was  discovered  in 
testing.  Then  came  the  moment  of 
truth:  Berg  faced  heavy  pressure  to 
release  the  feature  with  a  significant 
flaw.  He’d  been  forced  into  a  tough 
spot:  A  buggy  release  would  cause 
hundreds  of  employees  to  grumble 
and  blame  IT.  On  the  other  hand, 

Berg  might  be  viewed  as  obstinate,  a 
typical  perfectionist  techie,  if  he  in¬ 
sisted  on  holding  up  the  release  to  fix 
the  error. 

He  held  his  ground  and  insisted  on 
additional  programming  and  testing, 
followed  by  a  clean  March  release. 

Were  there  some  tense  discussions 
when  Berg  demanded  to  let  the  sched¬ 
ule  slip?  Sure.  But  that’s  not  the  end  of 
the  world.  As  Berg  puts  it,  “If  you  nev¬ 
er  say  no,  you  must  be  a  yes  man  — 
and  nobody  likes  a  yes  man.”  O  53264 


Ulfelder  is  a  Computerworld  contribut¬ 
ing  writer.  Contact  him  at  sulfelder@ 
charter.net. 


THE  ABILITY  to  turn  down  a  request 
begins  long  before  that  request  is  made. 
IT  managers  agree  that  to  be  respected 
when  conflict  arises,  you  must  first  earn 
the  trust  of  fellow  executives.  “Before  you 
can  say  no,  you  need  a  relationship  of 
mutual  trust,”  says  Florin  Docea,  a  project 
manager  at  The  Northwestern  Mutual 
Life  Insurance  Co.  in  Milwaukee  and  a 
past  president  of  the  Society  for  Informa¬ 
tion  Management. 


This  trust  rests  on  three  pillars: 

■  Sound  cost-tracking  processes.  If 
your  company  lacks  metrics  for  IT  costs, 
you’ll  face  an  uphill  battle  in  explaining  to 
business  execs  why  the  risk-reward  ratio 
of  their  pet  project  makes  it  a  no-go.  “If 
there’s  no  way  for  IT  to  charge  back  for  a 
project,  business  [managers]  are  not  go¬ 
ing  to  experience  the  consequences”  of 
their  requests,  says  Gartner  Inc.  analyst 
and  Computerworld  columnist  Barbara 
Gomolski.  “You  need  an  environment 
where  people  are  really  going  to  be  pay¬ 
ing  for  what  they’re  using." 

■  Strong  relationships  with  fellow 
executives.  Fred  Held,  former  CIO  at 
Mattel  Toys,  says  that  when  he  took  that 
job,  “a  top  executive  told  me,  ‘If  you’re 


not  spending  70%  to  80%  of  your  time 
with  line  executives,  you’re  not  doing 
your  job.'  ” 

Adds  Held,  “That  prevents  line  execu¬ 
tives  from  saying  they  can’t  do  their  jobs 
because  IT  doesn’t  support  them.” 

■  A  history  of  enabling  strong  proj¬ 
ects.  Your  “no”  means  more  if  you  have 
a  track  record  of  saying  yes  whenever 
possible.  This  is  especially  important  for 
project  managers  and  others  who  lack 
veto  power,  says  Carolynn  Benson,  a  se¬ 
nior  consultant  at  Ouellette  &  Associates. 

“As  a  project  manager,  you  don't  have 
direct  influence,”  she  says.  “So  you  must 
build  influence  by  being  a  strong  support¬ 
er  of  business  goals.” 

-  Steve  Ulfelder 


Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Rational  Software 
It  has  the  power  to  keep  any-size  project  on  schedule.  On 
budget.  On  the  right  track.  Built  on  existing  assets.  The  IBM 
Software  Development  Platform  is  open.  Flexible.  It  makes 
change  manageable,  more  predictable.  Market-leading 
tools  like  Rational  ClearCaser  Rational  Unified  Process® and 
Rational  Portfolio  Manager  ease  project  management.  See 
how.  Register  for  the  IBM  Project  Manager  Survival  Kit  now. 


1.  Changes  accommodated  easily. 

2.  Scope  managed  efficiently. 

3.  Resources  allocated  precisely. 

4.  Progress  monitored  on  dashboard. 

5.  Upgrade  completed  ahead  of  schedule. 


Get  the  IBM  Project  Manager  Survival  Kit  now  at  ibm.com/middleware/manage  JJJJ DEMAND  BUSINESS 
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Key 

MIDDLEWARE  IS  IBM  SOFTWARE.  The  IBM 

TotalStorage®  Open  Software  Family.  It  automatically 
helps  manage  and  optimize  highly  complex  storage 
environments.  By  centralizing  information.  By  fully  utilizing 
resources.  By  simplifying  data  compliance.  Help  slash 
long-term  storage  costs.  On  demand.  Comprehensive, 
reliable  storage  management  solutions  from  IBM. 

1.  Statistics  from  Asia  retrieved  quickly. 

2.  Paris  client’s  portfolio  accessed  securely. 

3.  Critical  information  archived  automatically. 

4.  Data  kept  within  compliance  guidelines. 

5.  Optimized  storage  supports  heavy  volume. 

Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/resource 
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The  CIO  as  Change  Agent 


Leading  CIOs  are  playing  much  more  in¬ 
fluential  business  roles  than  they  have  in 
the  past,  according  to  a  study  by  Meta 
Group  Inc.  The  study,  “The  CIO  as  Enter¬ 
prise  Change  Agent,”  surveyed  115  senior  IT 
executives  in  order  to  assess  the  evolving 
role  of  the  CIO,  and  follow-up  interviews 
were  conducted  with  a  subset  of  CIOs  who 
had  exhibited  their  use  of  best  practices. 
Nearly  half  of  the  respondents  (47%) 
indicated  that  they  have  broadened  their 
responsibilities  beyond  the  traditional 
CIO  role  to  take  on  some  form  of  busi¬ 
ness  responsibility,  in  fact,  35%  came  to 
the  CIO  position  with  a  business  background. 
According  to  Meta,  the  executives  in  the 


study  are  committed  to  becoming  enterprise 
change  agents.  Respondents  repeatedly 
cited  three  primary  obstacles  to  transfor¬ 
mational  success:  an  internal  culture  resis¬ 
tant  to  change,  organizational  politics  and  the 
existence  of  too  many  conflicting  priorities. 

The  following  are  among  the  recommen¬ 
dations  Meta  makes  for  serving  as  an  effec¬ 
tive  change  agent  in  the  years  ahead: 
a  Ensure  that  the  IT  house  is  in  order. 

■  Respect  the  difficulty  of  behavioral 
transformation. 

■  Become  an  expert  on  your  industry’s 
value  chain  and  competitive  dynamics. 

«  Influence  your  CEO  to  create  the  prop¬ 
er  climate  for  change. 


Feeling 

Insecure 

An  informal  online  survey  by  Dice.com  in 
February  found  lack  of  job  security  to  be 
the  greatest  contributor  to  IT  job  stress. 


In  your  opinion,  which  factor 
is  the  greatest  contributor 
to  IT  job  stress? 


Lack  of  job 
security: 
43% 


Always  having 
do  more 
less: 
20% 


Learnin 
skills: 

Being  under¬ 
paid:  13%  — 


Few  opportu¬ 
nities  for 
growth  or  pro¬ 
motion:  15% 


SOURCE:  DICE  INC. 


The  Lure  of 
Foreign  Shores 

Senior  executives  are  showing  signs 
that  they’re  up  to  the  challenge  of 
taking  a  career  risk. 

Which  of  the  following  major 
changes  would  you  consider? 
Pick  i 


career 


:  only  one. 


Take  an  overseas 
assignment: 

37% 


Change 
industries: 
33% 


Open  a 
ness: 
19% 

Take  a  year  off:  5% 

Work  part  time:  2% 

Number  of  respondents:  2,704 

SOURCE:  SURVEY  BY  KORN/FERRY  INTERNATIONAL. 
FEBRUARY  2005. 


I  would  not 
consider  any 
of  these:  4% 


Maria 

Schafer 
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TITLE:  Senior 
program  director, 
human  capital 
management 

Meta 

Group  Inc.,  Stam¬ 
ford,  Conn. 


One  of  the  biggest 
gaps  in  IT  workforce  management 
these  days  is  the  lack  of  succes¬ 
sion  planning  both  for  technical 
line  workers  and  for  the  next  gen¬ 
eration  of  junior  and  midlevel  IT 
managers,  says  Maria  Schafer. 

The  problem  is  expected  to 
become  particularly  acute  over 
the  next  10  years  as  many  baby 
boomer  IT  workers  reach  retire¬ 
ment  age  and  fewer  IT  workers 
enter  the  market,  she  says. 

Schafer  spoke  with  Computer- 
world’s  Thomas  Hoffman  about 
the  pending  problem  and  steps 
that  IT  executives  should  be  taking 
to  address  it. 


that  are  expected  to  occur  over  the  next 


several  years?  Ten  years  from  now,  we’re 
going  to  be  facing  a  big  potential  gap.  Senior 
management  hasn’t  done  a  good  job  with 
succession  planning.  We  just  don’t  think  in 
long-term  horizons  in  the  U.S.  like  they  do  in 
Japan  and  Germany. 

What  steps  should  IT  executives  be  tak¬ 
ing  to  address  this?  This  concept  of  suc¬ 
cession  planning  has  to  be  made  more  of  an 
ongoing  process  and  has  to  extend  down  the 
chain  farther  than  it  has  in  most  places.  It's 
about  identifying  who  your  next  set  of  leaders 
is,  not  just  at  the  executive  level  but  also  proj¬ 
ect  managers  and  project  leaders.  That’s  how 
you  create  opportunities  for  people  at  these 
levels:  putting  in  place  some  development 
activities  for  a  structure  and  path  for  them 
to  follow. 

What  else  can  be  done?  One  thing  I  often 
hear  from  IT  management  and  FIR  people  is 
how  there’s  an  unwillingness  among  IT  work¬ 
ers  who  have  been  in  certain  positions  for  a 
long  time  to  explore  reskilling  or  new  training. 
It  comes  back  to  this  whole  idea  of  creating  a 
continuous  learning  environment.  IT  manage¬ 
ment  and  FIR  can  help  here.  That  means  de¬ 
veloping  a  more  strategic  orientation  from  a 
variety  of  constituencies.  What  the  individual 
IT  worker  needs  to  do  is  to  be  open  and  to 
communicate  that  openness  to  learning  new 
types  of  techniques  to  help  increase  their  val¬ 
ue  to  the  organization.  Companies  want  peo¬ 
ple  who  have  skills  that  go  across  a  variety  of 
areas.  O  53233 


Where’s  the  Gusto? 


Management  consistently  deadens  the 
natural  enthusiasm  that  new  employees 
bring  to  their  jobs,  according  to  the  book  The 
Enthusiastic  Employee:  How  Companies  Profit 
by  Giving  Workers  What  They  Want  (Wharton 
School  Publishing/Pearson,  2005).  According 
to  research  by  authors  David  Sirota,  Louis  A. 
Mischkind  and  Michael  Irwin  Meltzer,  employ- 
66S  enthusiasm  declines  by  up  to  15% 
after  they  have  gained  more  than  six 
months  on  the  job  -  and  it  never  recovers 
to  the  original  level. 

The  authors  cite  several  reasons: 

■  Management’s  policies  are  aimed  toward 
the  troublesome  5%  of  employees  rather  than 
the  good  95%. 

■  Managers  are  often  indifferent  to  those 
they  manage. 

■  Companies  have  been  too  quick  to  respond 
to  adverse  business  conditions  with  layoffs. 


“It’s  hard  for  people  to  be  enthusiastic  about 
an  organization  that  is  not  enthusiastic  about 
them,"  says  Sirota,  the  book’s  lead  author. 


2003-04 , 
Survey  Results 

JOB  SATISFACTION 
CATEGORY  (out  of  100  points) 


Employees  with 
average  of  six  months 
with  employer 

80 

Employees  with 
one  to  five  years 
working  for  employer 

69 

Employees  with 
six  to  10  years 
working  for  employer 

68 
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Got  an  award-worthy 
mobile  and  wireless 
project? 

Submit  it  for  consideration 
by  May  2nd! 
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Featured  speakers  include: 


ANDRES  CARVALLO 

CIO 

Austin  Energy 

PHIROZ  DARUKHANAVALA 

CTO 

British  Petroleum 

RON  FIJALKOWSKI 

CIO 

Strategic  Distribution  Incorporated 

ERNEST  PARK 

CIO 

Maytag 

JOHN  WADE 
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Saint  Luke’s  Hospital 

DALE  FRANTZ 

CIO 

Auto  Warehousing 


The  Leading  Conference  for: 

•  IT  Management 

•  Mobile/Wireless  Technology  Architects 
and  Implementers 

•  Mobile-intensive  Application  Implementers 

•  Wireless  LAN/Wi-Fi/Network  Professionals 

Topic  Areas  Include: 

•  Top-down  Planning  for  Enterprise  Wireless 
Infrastructures 

•  Building  and  Defending  the  Business  Case 

•  Adapting  Desktop  Applications  to  Plandhelds 

•  Using  Broadband  Wireless  ISPs 

•  RFID 

•  Cellular  Mobile  Data  and  Carrier  Management 

•  WLANs  and  Security 


To  register  or  for  more  information, 
visit  www.mwwusa.com/cw 
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Project 

Management 

■  April  27-28,  Atlanta 
Sponsor:  International  Quality 
and  Productivity  Center 

The  Program  Management  Office  Best 
Practices  conference  focuses  on  port¬ 
folio  management  strategies,  offshore 
project  management  methodologies 
and  identifying  career  paths  for  PMO 
professionals.  Topics  include  setting 
up  a  PMO,  balancing  bureaucracy  and 
value,  managing  cultural  change, 
leveraging  technology  for  portfolio 
management  and  using  metrics  to 
demonstrate  value,  www.iqpc.com 


GigaWorld  IT  Forum 

■  May  2-5,  Dallas 

Sponsor:  Forrester  Research  Inc. 

Topics  at  The  Business  of  IT:  Visible 
Process  Improvement  conference 
include  integrated  IT  management, 
next-generation  architecture,  global 
sourcing  strategies,  building  customer 
loyalty,  future-proofing  your  infrastruc¬ 
ture  and  the  trend  toward  simplicity. 
There's  also  a  vendor  track:  leveraging 
innovation  to  exceed  customer  need. 
www.forrester.com/events 


Search  Engine 
Strategies 

■  May  4-5,  Toronto 
Sponsor:  Jupitermedia  Corp. 

Topics  for  the  Search  Engine  Strategies 
2005  Conference  and  Expo  include 
basic  and  advanced  link-building,  al¬ 
ternative  pay-per-click  search  engines, 
dynamic  Web  sites,  Flash  and  non- 
HTML  content  optimization,  contextual 
ads,  search  engine  marketing,  localiza¬ 
tion,  search-term  research,  successful 
site  architecture,  Web  server  issues 
and  measuring  success. 
www.jupiterevents.com 


Mobile  Showcase 

■  May  9-12,  Indian  Wells,  Calif. 
Sponsor:  MobileTrax  LLC 

Topics  include  managing  mobile  and 
remote  assets  and  new  paradigms  in 
wireless  data.  Also  scheduled  are  live 
demonstrations  of  mobile  computing, 
wireless  data  hardware  devices  and 
software  applications. 
www.mobiletrax.com 


PAUL  GLEN 


The  Wages  of  Fear 


IN  THE  CIRCLES  OF  POWER,  fear  is  often 
admired  as  a  potent  motivator.  In  his  classic 
discourse  on  power  politics,  The  Prince,  Niccolo 
Machiavelli  offered  the  following  thoughts  on 
the  question  of  whether  it  is  better  for  a  leader 
to  be  feared  or  loved: 

“If  we  must  choose  between  them,  it  is  far  safer  to 
be  feared  than  loved.  For  of  men  it  may  generally  be  af¬ 
firmed,  that  they  are  thankless,  fickle,  false,  studious  to 
avoid  danger,  greedy  of  gain,  devoted  to  you  while  you 
are  able  to  confer  benefits  upon  them,  and  ready  . . . 


while  danger  is  distant,  to 
shed  their  blood,  and  sacri¬ 
fice  their  property,  their 
lives,  and  their  children 
for  you;  but  in  the  hour 
of  need  they  turn  against 
you.” 

So  naturally,  he  would 
have  considered  occasion¬ 
al,  small-scale  cruelty  justi¬ 
fiable  and  wise  when  it  in¬ 
spired  fear  and  enabled  a 
prince  “to  keep  his  subjects 
united  and  obedient.” 

Ethical  issues  aside,  this 
seems  to  work  reasonably 
well,  at  least  for  a  while,  if 
your  goal  is  to  control  the 
behavior  of  a  population, 
quell  social  unrest  or  sup¬ 
press  dissent.  But  if  your  goal  is  to  lead 
a  group  of  knowledge  workers  to  peak 
productivity,  this  may  not  be  a  recipe 
for  success. 

As  a  consultant  and  speaker,  I 
have  the  privilege  of  peeking  into 
many  companies,  associations  and 
IT  departments.  Within  each,  one  can 
discern  subtle  attitudes,  beliefs  and 
emotions  regarding  their  leaders. 

In  organizations  where  the  leader¬ 
ship  either  deliberately  or  inadvertent¬ 
ly  cultivates  fear,  I’ve  observed  some 
interesting  patterns.  Few  of  them  are 
particularly  helpful  for  the  organiza¬ 
tion  or  its  leaders. 


\ 


Paul  glen  is  an  IT  man 
agement  consultant  in 
Los  Angeles  and  the  au¬ 
thor  of  the  award-winning 
book  Leading  Geeks: 
How  to  Manage  and  Lead 
the  People  Who  Deliver 
Technology  ( Jossey-Bass 
Pfeiffer,  2003; 
www.leadlnggeeks.  com) . 
He  can  be  reached  at 
info@c2-consutting.com. 


Creative  energy  is  misdirect¬ 
ed.  There  seem  to  be  limits 
on  the  creative  energy  of 
any  group.  Only  so  many 
hours  a  day  are  really  pro¬ 
ductive  for  generating  the 
best  answers  to  the  impor¬ 
tant  questions  at  hand. 
When  a  group  comes  to 
fear  its  leadership,  a  great 
deal  of  that  creative  energy 
is  siphoned  off  into  ques¬ 
tions  of  how  to  mollify  the 
manager  rather  than  how 
to  support  the  organization 
with  technology. 

The  staffers  focus  their 
attention  on  what  they 
feel  are  basic  issues  of  per¬ 
sonal  security  rather  than 
on  organizational  accomplishment.  If 
an  employee  is  worried  that  you  might 
publicly  humiliate  her  because  she 
forgot  to  use  the  official  corporate 
PowerPoint  slide  template,  then  she’s 
diverted  some  of  that  vital  energy 
away  from  the  valuable  content. 

Offhand  remarks  are  transformed  into  rigid 
policies.  One  way  for  staffers  to  avoid 
potential  confrontations  is  to  try  to  get 
decisions  made  in  informal  chats. 

Imagine  that  you  are  the  scary  boss. 
You’re  walking  through  the  hall,  and  a 
subordinate  tells  you,  “We’re  going  to 
send  you  a  status  report  on  Friday.” 
And  you  say,  “Sounds  great;  the  morn¬ 


ing  is  best,”  because  you’ll  be  leaving 
early  to  visit  your  grandmother  in 
Schenectady. 

Next  thing  you  know,  every  project 
manager  in  the  organization  is  grum¬ 
bling,  angry  and  upset,  because 
they’ve  all  heard  that  there  is  a  new 
policy  that  EVERY  PROJECT  MUST 
HAVE  A  STATUS  REPORT  DELIV¬ 
ERED  TO  THE  BOSS  BY  NOON 
EVERY  FRIDAY  ...  OR  ELSE.  There 
are  whispers  in  the  hall,  “How  come 
we  can’t  turn  them  in  Monday?  Why 
can’t  we  use  the  weekend?” 

The  pressure  builds  until  someone 
eventually  breaks  and  blurts  out  his 
frustration  and  incredulity  at  a  public 
meeting,  and  you’re  left  slack-jawed 
wondering  how  this  all  started. 

No  one  wants  to  talk  to  the  scary  boss. 
You’ve  announced  an  open-door  poli¬ 
cy.  All  staffers  have  an  open  invitation 
to  come  to  your  office  to  discuss 
anything  troubling  them.  Yet,  on 
those  rare  occasions  when  you’re 
not  in  a  meeting,  you  could  hear  crick¬ 
ets  chirping  to  the  gentle  whine  of 
your  hard  drive.  No  one  wants  to 
talk  to  you. 

Before  long,  you  don’t  really  know 
what’s  going  on.  The  staff  has  spent  its 
creative  energy  constructing  a  rosy 
picture  of  reality,  presented  in  the 
most  formal  settings,  designed  to 
avoid  your  wrath. 

And,  sadly,  you’re  probably  smart 
enough  to  know  that  you’re  being 
snowed,  but  you  don’t  know  quite 
how  to  break  through  to  these  people. 
Eventually,  your  frustration  comes  out 
in  a  burst  of  anger  —  and  the  cycle 
begins  again. 

These  are  among  the  wages  of  fear. 
On  the  good  side,  the  staffers  have 
been  unified.  On  the  bad  side,  they  are 
probably  unified  against  you.  ©  53263 

ARE  YOU  A  SCARY  BOSS? 

There  are  a  number  of  reasons  why  your  staff  might  be 
afraid  of  you.  Go  to  our  Web  site  to  learn  more: 

OQuickLink  52678 

www.computerworld.com 
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Software  Engineer  will  be 
responsible  for  the  design  and 
development  of  real-time  energy 
systems  software  based  on 
existing  requirements.  Will  de¬ 
sign,  develop,  implement  and 
maintain  a  billing  engine  with  the 
ability  to  cope  with  any  utility  tar¬ 
iff  and  produce  bills.  Will  add 
functionality  to  existing  software 
system  and  enhance  the  stabili¬ 
ty  of  the  system.  Will  maintain 
the  systems  environment  in  the 
company's  laboratory  and  on 
production  and  staging  servers. 
Requires  B.S.  or  equivalent  in 
Comp.  Sci.  or  Comp.  Eng.  and 
two  (2)  years  exp.  in  job  offered 
or  two  (2)  years  exp.  in  the 
development  of  energy  systems 
software.  Candidate  must  also 
possess  demonstrated  expertise 
programming  in  Visual  C++, 
Visual  Basic  and  C;  demonstrat¬ 
ed  expertise  with  billing  and  tar¬ 
iffs  in  the  utility  industry;  and 
demonstrated  expertise  in  soft¬ 
ware  development  using  tools 
such  as  Source  Safe,  Rational 
Rose,  Java  or  J2EE.  Salary 
$58,275/yr;  M-F,  9:00AM-5:00 
PM.  Submit  two  (2)  copies  of 
resume  to  Case  #  200300736. 
Division  of  Career  Services, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  FI. .  Boston,  MA 
02114.  EOE.  Applicants  must  be 
U  S.  workers  eligible  to  accept 
employment  in  the  United  States 
on  a  full-time  basis. 


PROGRAMMER/BUSINESS 
ANALYSTS  (Woodbridge,  New 
Jersey)  -  Knack  Systems,  a 
leading  software  company 
seeks  analysts  with  exp.  in  SAP 
R/3  ABAP/4  programming  with 
BDC,  SAP  script,  Reports,  In¬ 
terfaces  &  Enhancements.  An¬ 
alyze  business  processes,  per¬ 
form  As-ls  study  and  implement 
solutions  using  SAP  R/3;  Prog. 
Analysts  with  exp.  in  internet 
application  dev.  Using  Microsoft 
technologies  (  NET  platform), 
Java  (JDK/J2EE/VisualAge),  C, 
C++.  XML,  XSL,  JavaScript,  VB, 
ASP,  Unix  &  Databases;  ETL 
prog  analyst  -  design  and  devel¬ 
op  new  ETL  processes  from 
source  systems  to  data  ware¬ 
house,  undertake  data  model¬ 
ing,  and  deploy  business  intelli¬ 
gence/information  management 
solutions  by  using  IBM  AS400, 
DB2,  SQL,  COBOL,  RPG,  CLP, 
Data  mirror,  Erwin,  and  Power- 
designer  Bus.  Analyst  with 
strong  RUP  methodology,  UML 
and  use  case  exp;  Develop  and 
implement  test  plans;  Gather  & 
Analyze  Business  Require¬ 
ments;  develop  systems  require¬ 
ments;  Design  and  document 
procedures  and  work  flow;  build 
business  process  flows,  arch  & 
data  management  diagrams. 
Full  time,  direct  hire,  salary  com¬ 
mensurate  with  exp.,  full  bene¬ 
fits  pkg.  Email  resumes  to 
HR@Knacksvstems.com  or  mail 
resumes  to  1  Woodbridge  Cen¬ 
ter,  Ste  335,  Woodbridge,  NJ, 
07095. 


Comp:  S/W  Engrs  (hvg  Mast 
Deg  w/2  or  Bach  Deg  w/5  yrs 
exp)  &  Progmr  Analysts 
w/exp  req'd.  Exp  must  incl 
combinations  of  C++,  .Net, 
Java,  PB,  SAS,  SAP,  People- 
soft,  Siebel,  Informatica, 
BusinessObjects,  Documen- 
tum,  Cognos,  Oracle  PL/ 
SQL,  Oracle  DBA,  Clinicals, 
Sybase,  DB2,  Linux,  Unix  & 
Windows  NT.  Millennium 
Information  Tech,  666 
Plainsboro  Road,  STE  455, 
Plainsboro,  NJ  -  08536. 


Analyst  for  specialty  finance  Co. 
in  Miami  to  analyze  comp,  sys¬ 
tems  infrastructure  to  ensure 
data  consistency,  revenue  and 
pipeline  reports.  F/T  position  M- 
F  pays  market  level  salary. 
Applicants  with  Bachelor's  in  I.T. 
with  strong  background  in 
Finance+1  yr.  rel.  exp.  send 
resumes  only  to  V.P.  Human 
Res.  Bayview  Financial  L.P. 
4425  Ponce  De  Leon  Blvd,  5th 
floor,  Coral  Gables,  Florida 
33146 


Specialist,  Computer  Apps. 
Florida  Atlantic  University,  Boca 
Raton,  FL  .Designs,  Develops 
and  customizes  applications 
that  interact  with  relational  data- 
bases(SQL  Server,  Oracle  & 
MS  Access). MS  in  MIS  ICS  +  1 
yr  exp.  Req’d  1  yr  of  adv  pro¬ 
gramming  exp  (UNIX  &  win¬ 
dows)  developing  database- 
based  apps.  Position  #981472. 
For  further  details,  application 
instructions,  &  complete  job 
description,  please  visit  our 
website  at  http://personnel.fau 
■edu/Emplovment/Jobs/APList. 

asp#2150  or  call  561-297-3058 
(Voice/  TTY)  EO/EA. 


Hyland  Software,  Inc.  seeks 
qualified  Database  Consultants 
(DBC),  Programmers  (PROG), 
Computer  Support  Specialists 
(CSS),  Computer  Sales  Rep 
(SALES)  and  Software 
Engineers  (SE)  to  work  in 
Cleveland,  OH.  Please  apply 
online  at  http://jobs.onbase.com 
must  reference  Job  Code  where 
indicated  to  be  considered  or 
send  resume  to  HR  Department, 
28500  Clemens  Road, 
Westlake,  Ohio  44145.  Must  ref¬ 
erence  job  code  in  cover  letter. 
EOE. 


Online  Recruitment 
Opportunities 


Post  your  recruitment  message  on  itcareers.com 
and  reach  highly  qualified  IT  professionals  with 
the  hard-to-find  skills  you  need. 

♦  Corporate  memberships 

♦  Job  posting  packages 

♦  Resume  database 

♦  Single  job  posting 

♦  Integrated  print/online  packages 

Call  us  today  for  rates  and  additional 
advertising  opportunities! 

iT|careers  www.itcareers.com 

800-762-2977 
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Computerworid  -  InfoWorld  -  April  4,  2005 


Project  Manager  (Orlando, 
FL).  Expanding  hospitality 
and  business  management 
company  seeks  software  pro¬ 
fessional  to  plan,  manage, 
and  maintain  various  Internet 
and  business  system  projects 
through  project  life  cycle. 
Prior  project  and  resource 
management  experience  uti¬ 
lizing  web/Internet  technolo¬ 
gies  helpful.  Competitive 
salary.  Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  3281.  Attn:  Sofia 
Barnes 

Software  Engineer  (Orlando, 
FL).  Technology  company 
seeks  software  professionals 
to  develop,  and  manage  net¬ 
works  and  systems  by  utiliz¬ 
ing  knowledge  of  Java, 
JavaScript,  C,  C++,  PASCAL, 
HTML,  CISCO  7204,  Real 
Media  Technology  and  DNS 
Server.  Extensive  Knowledge 
in  ColdFusion,  SQL  Server 
2000,  Netscreen  Firewalls, 
and  BIG-IP  Loadbalancers 
preferred.  Competitive  salary. 
Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  32811.  Attn:  Sofia 
Barnes 


SAP  FI  CO  Analyst.  Bachel¬ 
or's  degree  in  BA  or  CS  and 
4  years  of  related  experi¬ 
ence.  Must  have  SAP  Bus¬ 
iness  One  experience.  Mail 
resume  to  Attn:  Resumes 
PSD  Consultants,  LLC, 
2218  McClendon  St.,  Suite 
5,  Houston,  TX  77030- 
2020.  Refer  to  job  code 
NL0001  when  applying. 


Software  Engineer:  Perform 
client-server  application  devel¬ 
opment  using  C/C++,  Delphi, 
SQL  and  xBase  languages  on  a 
UNIX  platform:  participate  in  the 
analysis  and  design  of  new  serv¬ 
er  applications;  investigate, 
solve  issues  and  provide  main¬ 
tenance  to  existing  server  appli¬ 
cations;  design  and  develop 
software  interfaces  between 
remote  client-server  applica¬ 
tions;  perform  standalone  Win¬ 
dows  and  UNIX  application 
development  using  object  orient¬ 
ed  languages  including  C++  and 
Delphi;  participate  in  project  life 
cycle  development  and  provide 
status  updates  on  project  activi¬ 
ties;  perform  analysis  and 
research  of  any  given  enhance¬ 
ments  proposed  to  existing  serv¬ 
er  applications;  perform  coordi¬ 
nation,  preparation  and  delivery 
of  server  releases  and  patches. 
Requires  a  Bachelors  degree  in 
Computer  Engineering  or  Com¬ 
puter  Science  and  either  2  yrs. 
experience  in  the  job  offered  or 
2  yrs.  experience  in  client-server 
application  development  using 
C/C++,  Delphi,  SQL  and  xBase 
languages.  Salary  is  63,000/yr, 
40  hrs/wk,  8  AM  to  5  PM,  Mon.- 
Fri.  To  apply  submit  2  copies  of 
resume  to:  Case#  200300612, 
Division  of  Career  Services, 
Labor  Certification  Unit,  19 
Staniford  St.,  1st  floor,  Boston, 
MA  02114. 


Info.  System  Manager: 
direct  &  coordinate  info  sys¬ 
tems  and  computer  pro¬ 
gramming  for  tech  firm,  MA 
Degree  &  2  yrs  exp  req'd; 
Job  at  Enlightened,  Inc. 
Washington,  DC;  cover  let¬ 
ters  &  resumes  to 
Enlightened,  Inc.,  666  11th 
Street,  NW,  Suite  620, 
Washington,  DC  20001 . 


Ads  Placed  Weekly 


Didn’t  find  the  IT 
Career  Opportunity 
you  were  looking  for? 


Check  back  weekly  for 
fresh  job  listings  placed 
by  top  companies 
looking  for  skilled  IT 
professionals  like  you! 
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Top  10  reasons  why  you 
should  advertise  your  recruitment 
message  with  IT  Careers. 


IT  Careers  Audience  Skill  Survey  2003/2004 


• 

IS/MIS/IT 

84% 

• 

Windows  2000 

83% 

• 

TCP/IP 

83% 

• 

Windows  95/98 

82% 

• 

PC/s 

80% 

• 

Unix  NET/Linus 

75% 

• 

Networking/Telecom 

74% 

• 

Windows  NT 

73% 

• 

Windows  XP 

69% 

• 

Intemet/Web  Dev./E-Com. 

68% 

Your  direct  line  of 
communication  to  qualified  IT 
Professionals  with  the  most  in 
demand  IT  skills 


Contact  us:  800-762-2977 
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Comdex 

America  in  Secaucus,  N.J.,  said 
that  in  the  early  1990s,  Comdex 
was  the  place  “to  see  the  latest 
and  greatest  technologies  that 
were  rapidly  rolling  out.” 

But  that  changed  as  Comdex 
showcased  mundane  acces¬ 
sories  such  as  mouse  pads. 
“The  event  became  over¬ 
whelming,  and  the  value  was 
diluted,”  Schwartz  said,  adding 
that  he  stopped  attending  and 
watched  as  major  sponsors 
and  vendors  bailed  out. 

San  Francisco-based  Media- 
Live  International  Inc.,  which 
took  over  the  show  in  2003, 
said  this  year’s  planned  edition 
was  canceled  because  of  a  con¬ 
tinuing  lack  of  interest  and  fi¬ 
nancial  commitments  from 
major  IT  vendors.  The  same 
problem  drove  MediaLive  to 
give  up  on  Comdex  last  year 
[QuickLink  47727],  but  the 
company  said  then  that  it 
would  try  again  this  year. 


Dwindling  atten¬ 
dance  has  also  been 
a  factor.  About 
40,000  people  at¬ 
tended  the  show  two 
years  ago,  down 
from  some  200,000 
in  its  heyday. 

A  spokesman  for 
the  show  couldn’t  be 
reached  for  com¬ 
ment  despite  several 
attempts.  In  a  state¬ 
ment,  MediaLive  said  it  has 
made  “significant  progress”  in 
working  with  vendors  and 
other  parties  to  rethink 
Comdex.  MediaLive  still 
hopes  to  bring  the  show  back 
to  life  in  2006,  but  it  noted 
that  “considerable  work” 
needs  to  be  done  first. 

“At  least  for  the  time  being, 
the  need  for  a  general  indus- 
try-pat-on-the-back  type  show 
like  Comdex  is  not  here,”  said 
Charles  King,  an  analyst  at 
Pund-IT  Research  in  Hay¬ 
ward,  Calif.  But  that  could 
change  at  some  point,  he 
added.  “These  things  tend 


to  go  in  cycles.” 

Michael  H.  Hugos, 
CIO  at  Network  Ser¬ 
vices  Co.  in  Mount 
Prospect,  Ill.,  and  a 
Computerworld 
columnist,  said  he 
last  attended  the 
show  in  1998  and 
wasn’t  planning  to 
go  this  year.  “It  had 
very  little  relevance 
to  me  because  it 
tried  to  reach  such  a  broad  au¬ 
dience  that  the  whole  event 
became  very  unfocused,”  he 
said  in  an  e-mail  message. 

“In  the  early  days  of  the  PC, 
Comdex  was  really  focused  on 
just  the  PC,  and  it  was  the 
place  to  go  to  see  the  latest  ad¬ 
vances  in  PC  technology,” 
Hugos  wrote.  “After  the  late 
’90s,  it  was  no  longer  worth 
my  time.” 

David  Lewis,  CIO  at  Deseret 
Mutual  Benefits  Administra¬ 
tors,  a  Salt  Lake  City-based 
nonprofit  that  administers 
welfare  and  financial  benefits, 
last  attended  Comdex  about 


15  years  ago.  “I  now  focus  on 
CIO-level  discussions”  at 
more-targeted  conferences,  he 
said  via  e-mail.  “My  issues  are 
more  strategic  than  specific 
vendor  solutions,  although 
those  are  still  important.” 

Lewis  added  that  the  show 
was  never  a  “must  attend” 
event  for  him.  “If  we  wanted 
to  see  a  particular  vendor’s  of¬ 
ferings,  there  are  other  ways 
to  see  them,”  he  said. 

Vendor-driven  Event 

Bruce  Barnes,  a  principal  at 
Bold  Vision  LLC,  an  IT  con¬ 
sultancy  in  Dublin,  Ohio,  said 
Comdex  was  useful  a  decade 
ago  and  agreed  with  others 
that  it  lost  its  way. 

“One  of  the  largest  telling 
tales  is  the  fact  that  the  orga¬ 
nizers  have  tried  to  revive  the 
event  by  creating  an  advisory 
board  of  vendors,”  Barnes 
said  via  e-mail.  MediaLive 
should  ask  users  for  input, 
he  added. 

But  Jim  Speer,  director  of 
information  systems  at  Mesa, 


Ariz.-based  Talley  Defense 
Systems  Inc.,  said  he’s  disap¬ 
pointed  that  Comdex  was  can¬ 
celed  for  another  year. 

Speer  said  he  has  sent  his 
entire  staff  to  the  show  in  the 
past  and  was  waiting  to  see 
about  this  year’s  event.  “My 
feeling  was  that  we  needed  to 
go  every  couple  of  years,”  he 
said  in  an  e-mail.  “It  appears 
that  it  is  in  trouble.” 

Comdex  has  been  “one  of 
the  only  shows  that  gives  my 
people  a  chance  to  get  a  view 
of  a  lot  of  new  technology  in 
one  place,”  Speer  added.  “The 
difficulty  was  that  it  was  very 
big  and  it  was  hard  to  see 
everything.” 

Speer  said  he  still  thinks  a 
reconfigured  Comdex  could 
be  useful  for  corporate  IT  at¬ 
tendees,  but  only  if  MediaLive 
makes  big  changes.  “We  need 
technology  shows  that  edu¬ 
cate,  and  Comdex  had  that  po¬ 
tential,”  he  said.  “It  moved 
away  from  that. . . .  The  last 
show  I  attended  felt  more  like 
a  flea  market.”  ©  53527 


LEWIS  says 
Comdex  was  never 
a  “must  attend” 
event  for  him. 


Continued  from  page  1 
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include  a  built-in  firewall, 
Network  Access  Quarantine 
Control  components  to  isolate 
out-of-date  virtual  private  net¬ 
work  assets,  and  a  wizard  that 
gathers  information  about  the 
roles  of  servers  and  blocks 
services  and  ports  that  aren’t 
needed. 

“That’s  great,  because  we 
don’t  have  to  integrate  it  all 
piecemeal.  It  comes  all  at 
once,”  said  Jonathon  Adding¬ 
ton,  a  network  administrator 
at  sporting  goods  equipment 
manufacturer  K-2  Corp.  in 
Vashon,  Wash. 

Addington  said  that  in  some 
cases,  K-2  has  already  brought 
in  third-party  products  to  pro¬ 
vide  some  of  the  functionality 
that  Microsoft  is  adding  in 
SP1.  But  the  prospect  of  not 
having  to  buy  other  products, 
such  as  firewall  hardware,  is 


enticing.  “It  could  save  a  great 
deal  of  money,”  Addington  said. 

However,  that  won’t  provide 
any  relief  for  past  investments 
that  were  needed  to  fill  the 
voids  in  Windows  Server 
2003,  noted  an  infrastructure 
support  director  at  an  insur¬ 
ance  company  who  asked  not 
to  be  identified.  Microsoft 
“came  late  to  the  security  par¬ 
ty,”  he  said.  “It’s  hard  to  thank 
the  car  dealer  for  delivering 
the  tires  today  when  the  car 
was  bought  years  ago.” 

The  Security  Configuration 
Wizard  in  SP1  gives  compa¬ 
nies  new  capabilities  to  hard¬ 
en  their  systems  against  at¬ 
tack,  but  the  insurer  has  al¬ 
ready  tackled  that  on  its  own. 
The  support  director  there 
said  he’s  not  sure  that  aban¬ 
doning  the  company’s  proven 
methods  in  favor  of  Micro¬ 
soft’s  tools  would  provide  bet¬ 
ter  protection. 

Microsoft  initially  said  Win¬ 
dows  Server  2003  SP1  would 


ship  in  the  second  half  of  last 
year.  But  when  the  company 
marshaled  its  resources  be¬ 
hind  Service  Pack  2  for  its 
Windows  XP  operating  sys¬ 
tem,  that  disrupted  the  sched¬ 
ules  for  other  Windows  re¬ 
leases,  according  to  A1  Gillen, 
an  analyst  at  IDC. 

Gillen  said  the  delay  on 
Windows  Server  2003  SP1 
didn’t  have  a  critical  impact  on 
most  corporate  IT  shops  be¬ 
cause  Microsoft  has  released 
some  security  enhancements 


along  the  way.  Also,  the  initial 
software  was  more  secure  out 
of  the  box  than  the  typical 
Windows  release  is,  he  added. 

Yet  even  companies  that 
have  regularly  patched  their 
systems  should  look  at  in¬ 
stalling  SP1,  according  to  Samm 
DiStasio,  director  of  product 
management  in  Microsoft’s 
Windows  Server  division.  He 
said  Microsoft  made  changes 
as  part  of  SP1  to  address  the 
root  causes  of  certain  classes 
of  attacks,  and  those  tweaks 


aren’t  incorporated  into  the  ex¬ 
isting  patches. 

One  major  concern  for 
users  deploying  any  operating 
system  update  is  application 
compatibility.  To  that  end,  Mi¬ 
crosoft  has  tested  more  than 
125  applications  with  SP1  and 
plans  to  post  a  document  on 
its  Web  site  to  show  the  find¬ 
ings,  DiStasio  said. 

Some  beta  testers  spotlight¬ 
ed  by  Microsoft  said  they  have 
seen  only  minor  problems,  and 
they  were  quickly  resolved. 

For  instance,  the  IT  depart¬ 
ment  of  the  government  of 
Fulton  County,  Ga.,  hit  a  “cou¬ 
ple  of  bumps”  last  year  while 
testing  SP1  on  30  servers.  But 
Russell  Mobley,  an  assistant 
director  of  IT  for  the  county, 
said  staffers  encountered  no 
problems  deploying  the  Fmal 
release  on  100  production 
servers  running  Exchange, 
file-and-print  and  directory 
services,  and  various  depart¬ 
mental  applications.  ©  53526 


NEW  FEATURES 


Windows  Server  2003  SP1 

Security  Configuration  Wizard:  Gathers  information  about  server 
roles  and  blocks  unneeded  services  and  ports. 

Windows  Firewall:  Allows  networkwide  end-user  access  control  through 
Active  Directory's  Group  Policy  feature. 

Postsetup  Security  Updates:  Blocks  all  inbound  connections  after  instal¬ 
lation  until  Windows  Update  has  downloaded  the  latest  security  updates. 

Internet  Information  Services  6.0  Metabase  Auditing:  Lets  IT  admini- 
strators  identify  potential  malicious  users  if  the  data  store  becomes  corrupted. 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Listen  Up,  Mark 

MARK  HURD,  you’re  about  to  take  over  as  CEO  at 

Hewlett-Packard,  and  every  IT  industry  blowhard  is 
talking  about  you  like  you  weren’t  in  the  room.  He’s 
a  small-timer  from  dinky  little  NCR.  He’s  a  Wall 
Street  darling  who  quadrupled  NCR’s  stock  price. 
He’s  a  cost-cutter  who  doesn’t  do  R&D.  He’s  a  great  fit.  He’s  a  lousy 
fit.  He’s  a  mystery  man. 

You’re  going  to  hear  a  lot  of  advice,  and  a  lot  of  verdicts  on  how 
well  you’ll  do  from  people  who  never  heard  of  you  a  week  ago. 

And,  yeah,  you’re  about  to  hear  that  from  me,  too.  First  the  advice: 
Listen.  Listen.  Listen.  Then  execute. 


Look,  you’ve  inherited  a  mess.  What  Carly 
Fiorina  was  good  at  was  stretching  HP  in  all 
directions.  HP  swallowed  Compaq,  including 
Digital  Equipment  and  Tandem.  HP  jumped 
into  consumer  stuff  in  a  big  way,  selling  TVs, 
music  and  satellite  radios. 

HP’s  corporate  culture  also  got  stretched  out 
of  shape.  Fiorina  arrived  late  in  the  dot-com 
boom,  when  the  low-key,  engineering-focused 
“HP  Way”  seemed  like  a  quaint  anachronism. 
She  left  at  the  tail  end  of  the  worst  IT  downturn 
ever.  In  between,  lots  of  HP  people  felt  like  they 
got  run  over  by  a  truckload  of  bad  ideas. 

First  of  all,  listen  to  those  HP  people.  You’re 
an  outsider.  You  don’t  know  where  the  bodies 
are  buried  in  Palo  Alto,  where  the  problems  lie, 
where  the  untapped  strengths  are.  You’ll  learn 
some  of  that  from  the  top  HP  execs  you  decide 
to  trust.  But  that’s  not  enough. 

So  if  you  don’t  revive  anything  else  of  the  HP 
Way,  try  what  Dave  Packard  called  “manage¬ 
ment  by  walking  around.”  Hit  the  hallways. 
Show  your  face.  Keep  your  ears  open.  Talk  with 
some  of  the  150,000  HP  employees  without 
whom  you’re  toast  —  and  listen. 

Next,  hit  the  streets.  HP  isn’t 
NCR;  you  know  that.  HP’s  big  cus¬ 
tomers  have  their  own  expectations, 
preferences  and  needs.  And  they’ve 
been  waiting  for  you.  Do  a  little 
talking  and  a  lot  of  listening.  Let 
them  see  that  the  new  guy  isn’t  such 
a  mystery.  Pay  attention  to  what 
they  ask  for,  and  also  to  what  they 
don’t  ask  for.  Make  no  assumptions. 

Ask  questions.  Listen. 

Then  take  what  you  know  and  go 
back  to  the  board.  They  hired  you 
because  you  worked  miracles  at 
NCR.  But  you  can’t  just  sprinkle  the 


same  operational  fairy  dust  on  HP.  There’s  no 
clear  focus  like  the  one  NCR  has  on  transactions. 
You’ll  have  to  decide  which  of  HP’s  jumble  of 
directions,  initiatives  and  ideas  get  the  nod. 

So  present  a  plan,  based  on  what  you’ve 
learned  from  employees  and  customers.  Then 
listen.  This  board  has  been  divided  against 
itself.  You  need  the  board’s  unified  support. 
Listen.  Adjust.  Keep  listening. 

Finally,  execute.  You  know  what  you  were 
hired  to  do.  “Operational  efficiency”  means  cut¬ 
ting  costs,  some  of  which  are  attached  to  warm 
bodies.  In  the  short  term,  “driving  shareholder 
value”  means  the  same  thing.  A  lot  of  that  lis¬ 
tening  is  to  make  sure  that  you  cut  the  right 
costs  in  the  right  places. 

But  it’s  also  so  you’ll  be  ready  for  the  next 
step:  delivering  what  customers  want.  That  re¬ 
quires  finding  your  own  focus  for  the  mess  that 
is  HP.  You  weren’t  really  hired  for  that,  but  it’s 
where  the  real  miracles  need  working  at  HP. 

Can  you  do  it?  I  have  my  doubts.  HP’s  prob¬ 
lems  aren’t  just  operational,  they’re  structural. 
You’re  facing  a  big  pile  of  undigested  initiatives 
and  hamstrung  by  a  board  that  wants  stability 
right  now.  Frankly,  I  think  you’ll 
succeed  at  the  cutting  and  fail  at 
the  focusing.  Once  you’ve  chopped 
away  at  the  HP  jungle  for  a  while, 
you’ll  be  dumped. 

Prove  me  wrong.  Make  it  work. 
That’s  what  HP’s  employees  want, 
and  its  shareholders,  and  most  of  all 
its  customers.  Your  success  means 
their  success.  If  you  win,  every¬ 
body  wins  except  the  naysayers. 

So  listen,  listen,  listen,  and  exe¬ 
cute.  Then,  just  maybe,  you  won’t 
have  to  listen  to  people  like  me 
anymore.  O  53485 


FRANK  HAYES,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerworid.com. 


Think  Like  a  User 

User;  “I  forgot  my  ID  to  log  into  the  network."  Support 
pilot  fish:  No  problem,  sir  -  it’s  just  your  name.  User 
“How  do  you  mean?”  Fish:  Your  ID  is  your  first  initial 
plus  your  last  name,  up  to  a  maximum  of  eight  charac¬ 
ters.  User:  “But  how  did  I  spell  it?” 


Honest! 

Sales  guy  wants 
IT  manager  pilot 
fish  to  remove  a 
word  from  his 
spell-check  dictionary. 
What  word?  Lie.  “When 
I  realized  he  was  seri¬ 
ous,  I  asked  what  was 
wrong  with  that  word,” 
fish  says.  “He  said  he 
meant  to  type  the  word 
like,  but  he  inadvertently 
dropped  the  ‘k’  and  the 
spell  checker  didn’t  warn 
him.  So  if  we  took  lie 
out  of  the  dictionary,  this 
wouldn’t  happen  again!” 

The  Reason  Why 

This  laser  printer  suffers 
lots  of  paper  jams  and 
appears  to  be  in  pretty 
rough  shape,  so  it’s 
scheduled  for  replace¬ 
ment.  “Of  course,  before 
the  replacement  was 
ready,  we  were  called, 
once  again,  to  fix  a  pa¬ 
per  jam,”  says  pilot  fish 
on  the  scene.  “This  time 
we  must  have  asked  the 
correct  troubleshooting 
question,  because  the 
user’s  response  was,  ‘No 
matter  how  hard  I  hit  it, 
it  still  won’t  work.’  ” 

Right  idea. 

Wrong  Part 

User  gets  a  new  flat- 
screen  monitor,  and  his 
old  CRT  is  being  handed 
down  for  use  with  anoth¬ 
er  machine.  But  he's  not 
happy.  “As  the  tech  was 
taking  the  monitor  to  its 
new  home,  the  user  in¬ 
sisted  that  the  monitor 
be  ‘reformatted,’  ”  says 


a  pilot  fish 
watching  it  all. 
“He  was  con¬ 
cerned  that 
people  using 
the  monitor  would  be 
able  to  see  what  had 
been  on  his  screen.” 

Line  Dance 

Remote  user  is  having 
trouble  with  a  spread¬ 
sheet  program.  I  can’t 
get  to  the  data  in  one 
field  because  there’s  a 
picture  of  little  people 
holding  hands,  she  tells 
support  pilot  fish.  Little 
people  holding  hands? 

“I  kept  trying  to  find  out 
what  she  was  looking 
at,”  fish  says.  “I  finally 
realized  her  cell  had  too 
much  data  in  it  and  was 
filled  with  asterisks  in  a 
row  that  looked  like  stick 
people  to  her  -  all  hold¬ 
ing  hands.” 

Not  to  Milspec 

Pilot  fish  has  worked  at 
small  businesses  for 
years,  until  he’s  hired  as 
a  sysadmin  at  the  Penta¬ 
gon.  “Not  long  after  I 
was  hired,  a  co-worker 
and  I  were  working  on  a 
knotty  problem  getting  a 
switch  configured,”  says 
fish.  “After  a  long  strug¬ 
gle,  he  finally  got  it 
solved.  I  cheered  and 
said,  ‘Woo-hoo,  my  man! 
You  are  the  bomb!’  He 
looked  at  me  and  said 
that  now  that  I  was  em¬ 
ployed  in  the  Pentagon,  I 
might  want  to  be  a  little 
more  careful  about  what 
kind  of  slang  I  used.” 


SHARK 

TANK*. 


OSHARKY  TALKS  THE  TALK.  Send  me  your  true  tale 
of  IT  life  at  sharky@computerworld.com.  You'll  snag 
a  snazzy  Shark  shirt  if  I  use  it.  And  check  out  the  daily  feed, 
browse  the  Sharkives  and  sign  up  for  Shark  Tank  home  de¬ 
livery  at  computerworld.com/sharky. 


Security  and  wireless.  Together  at  last.  HP's  wireless'  notebooks,  powered  by  Intel1’  Centrino™  Mobile  Technology,  have  security  features  built  in,  not  bolted 
on.  In  fact,  all  of  our  new  wireless'  notebooks,  tablets  and  handhelds  have  distinct  security  advantages  that  set  us  apart.  HP  ProtectTools  provides  an  array  of 
the  latest  security  tools  designed  to  make  your  HP  notebook,  tablet  and  handhelds  virtually  impervious  to  intruders,  whether  you're  working  with  wires  or 
without.  More  expertise,  technology,  service,  support  and  security.  That's  what  HP  Smart  Office  solutions  give  you. 


HP  recommends  Microsoft®  Windows®  XP  Professional. 


HP  COMPAQ  nc6120 
NOTEBOOK 


$1,249 

($l,599-$350  Instant  Savings=$l/249)'t 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor 
730  (1.60GHz)3 

•  Intel®  PRO  Wireless  2200BG 
(802.11  b/g)1 

•  Microsoft0'  Windows®  XP  Professional 

•  15"  XGA  Display 

•  24X  DVD/C  DRW  Combo  Drive6 

•  512MB  DDR  SDRAM  (1  DIMM) 

•  40GB  (5400  rpm)  Hard  Drive'* 

•  ProtectTools:  Security  Manager, 
Credential  Manager,  BIOS  Configuration 


HP  COMPAQ  tcllOO 
TABLET  PC 


$1,599 

($2,049-$450  Instant  Savings=$l,599)'’ 

•  Intel®  Centrino™ Mobile  Technology 

•  Intel®  Pentium®  M  Processor  ULV 
713  (1.10GHz)3 

•  Intel®  PRO  Wireless  2200BG 
(802.11  b/g)1 

•  Microsoft®  Windows®  XP  Tablet 
PC  Edition 

•  256MB  DDR  SDRAM 

•  40GB  (4200  rpm)  Hard  Drive5 

•  1-year  limited  warranty7 

•  ProtectTools:  Security  Manager,  Optional 
Smart  Card  Security,  Credential  Manager 


Enhance  your  system. 


HP  IPAQ™  hx2750 
POCKET  PC 

-  Intel®  PXA270  Processor 
(624MHz)3 

-  Windows®  Mobile  2003  for 
Pocket  PC,  Second  Edition 

-  128MB  SDRAM,  128MB 
Flash  ROM 

-  ProtectTools:  Biometrics, 

Data  Encryption 

*549 


i  n  v  e  n  f 


Secure  your  HP  notebook  investment.  Get  Accidental 
Damage  Protection  for  as  little  as  $99/year  or  $169/3  years. 


CLICK 

www.hp.com/go/mobility6 

CALL 

1-866-625-4734 

VISIT 

your  local  reseller 

Price3  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last  and  are  available  from 
HP  Direct  and  participating  HP  resellers.  All  featured  offers  available  in  U.S.  only.  1  A  standard  WLAN  infrastructure,  other  Bluetooth-enabled  devices  and  a  service  contract  with  a  wireless  airtime  provider  may  be  required  for  applicable  wireless  communication .  Wireless  Internet  use  leouires  a  seoaralelv 
purchased  service  contract.  Check  with  service  provider  for  availability  and  coverage  in  your  area.  Not  all  Web  content  available.  2.  One-year  limited  warranty  for  parts,  labor  and  next-business-day  support.  3.  Intel's  numbering  is  not  a  measurement  of  higher  performance  4  Inslant  savinos  otter  avai'al  ii 
on  qualifying  HP  Compaq  nc61 20  Notebooks  and  HP  Compaq  tel  100  Tablet  PCs  through  5/31/05. 5.  For  hard  drives,  GB=bi!lion  bytes.  6. 24X  DVD/CR-RW  Combo  Drive  data  transfer  rates  may  vary  as  follows:  for  recording  to  CD-R  media  tor  writinq  to  CD-RW  media  tor  readino  CD  media  the  m  ix 
transfer  rate  may  be  up  to  3600  Kbps;  for  reading  DVD  media,  the  max  transfer  rate  may  be  up  to  1 0,800  Kbps.  Actual  transfer  rates  may  vary  depending  on  media  quality.  Intel,  Intel  Logo,  Intel  Inside,  Intel  Inside  Logo,  Intel  Centrino,  Intel  Centrino  Logo,  Celeron,  Intel  Xeon  Intel  SoeedSteD  Itanium  and 
Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  ©2005  Hewlett-Packard  Development  Company  I  P. 


Oracle  Database 


World's  #1  Database 
^For  Small  Business 


Easy  to  use.  Easy  to  manage.  Easy  to  buy  at  Dell. 
Only  $149  per  user. 


dell.com/database 
or  call  1.888.889.3982 

Terms,  conditions  and  limitations  apply.  Pricing,  specifications,  availability  and  terms  of  offers  may  change  without  notice. 
Taxes,  fees  and  shipping  charges  extra,  vary  and  are  not  subject  to  discount.  U.S.  Dell  Small  Business  new  purchases  only. 

Dell  cannot  be  responsible  for  pricing  or  other  errors.  Oracle  Database  Standard  Edition  One  is  available  with  Named  User 
Plus  licensing  at  $149  per  user  with  a  minimum  of  five  users  or  $4995  per  processor.  Licensing  of  Oracle  Standard  Edition 
One  is  permitted  only  on  servers  that  have  a  maximum  capacity  of  2  CPUs  per  server. 

For  more  information,  visit  oracle.com/standardedition 
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